This is an automated email from the ASF dual-hosted git repository.

viirya pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 742b708  [SPARK-37684][BUILD] Upgrade log4j to 2.17
742b708 is described below

commit 742b7081713408e2dec97d9198a0b76202d5ec6f
Author: Liang-Chi Hsieh <vii...@gmail.com>
AuthorDate: Sat Dec 18 17:06:04 2021 -0800

    [SPARK-37684][BUILD] Upgrade log4j to 2.17
    
    ### What changes were proposed in this pull request?
    
    This patch proposes to upgrade log4j to 2.17.
    
    ### Why are the changes needed?
    
    There is another CVE (CVE-2021-45105) found in 2.16: https://logging.apache.org/log4j/2.x/security.html. We should upgrade log4j to 2.17.
    
    ### Does this PR introduce _any_ user-facing change?
    
    No
    
    ### How was this patch tested?
    
    Pass all tests.
    
    Closes #34948 from viirya/upgrade_log4j2.17.
    
    Authored-by: Liang-Chi Hsieh <vii...@gmail.com>
    Signed-off-by: Liang-Chi Hsieh <vii...@gmail.com>
---
 dev/deps/spark-deps-hadoop-2-hive-2.3 | 8 ++++----
 dev/deps/spark-deps-hadoop-3-hive-2.3 | 8 ++++----
 pom.xml                               | 2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 b/dev/deps/spark-deps-hadoop-2-hive-2.3
index 1b0d009..04d3d48 100644
--- a/dev/deps/spark-deps-hadoop-2-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-2-hive-2.3
@@ -186,10 +186,10 @@ lapack/2.2.1//lapack-2.2.1.jar
 leveldbjni-all/1.8//leveldbjni-all-1.8.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
 libthrift/0.12.0//libthrift-0.12.0.jar
-log4j-1.2-api/2.16.0//log4j-1.2-api-2.16.0.jar
-log4j-api/2.16.0//log4j-api-2.16.0.jar
-log4j-core/2.16.0//log4j-core-2.16.0.jar
-log4j-slf4j-impl/2.16.0//log4j-slf4j-impl-2.16.0.jar
+log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar
+log4j-api/2.17.0//log4j-api-2.17.0.jar
+log4j-core/2.17.0//log4j-core-2.17.0.jar
+log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar
 logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
 lz4-java/1.8.0//lz4-java-1.8.0.jar
 macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 17f4e91..290bb1d 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -173,10 +173,10 @@ lapack/2.2.1//lapack-2.2.1.jar
 leveldbjni-all/1.8//leveldbjni-all-1.8.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
 libthrift/0.12.0//libthrift-0.12.0.jar
-log4j-1.2-api/2.16.0//log4j-1.2-api-2.16.0.jar
-log4j-api/2.16.0//log4j-api-2.16.0.jar
-log4j-core/2.16.0//log4j-core-2.16.0.jar
-log4j-slf4j-impl/2.16.0//log4j-slf4j-impl-2.16.0.jar
+log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar
+log4j-api/2.17.0//log4j-api-2.17.0.jar
+log4j-core/2.17.0//log4j-core-2.17.0.jar
+log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar
 logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
 lz4-java/1.8.0//lz4-java-1.8.0.jar
 macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar
diff --git a/pom.xml b/pom.xml
index 3e46656..e3833c4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -119,7 +119,7 @@
     <exec-maven-plugin.version>1.6.0</exec-maven-plugin.version>
     <sbt.project.name>spark</sbt.project.name>
     <slf4j.version>1.7.30</slf4j.version>
-    <log4j.version>2.16.0</log4j.version>
+    <log4j.version>2.17.0</log4j.version>
     <hadoop.version>3.3.1</hadoop.version>
     <protobuf.version>2.5.0</protobuf.version>
     <yarn.version>${hadoop.version}</yarn.version>
