(BTW you are sending to the Spark incubator list, and Spark has not been in incubation for about 7 years. Use user@spark.apache.org)
What update are you looking for? this has been discussed extensively on the Spark mailing list. Spark is not evidently vulnerable to this. 3.3.0 will include log4j 2.17 anyway. The ticket you cite points you to the correct ticket: https://issues.apache.org/jira/browse/SPARK-6305 On Mon, Jan 31, 2022 at 10:53 AM KS, Rajabhupati <rajabhupati...@comcast.com.invalid> wrote: > Hi Team , > > > > Is there any update on this request ? > > > > We did see Jira https://issues.apache.org/jira/browse/SPARK-37630 for > this request but we see it closed . > > > > Regards > > Raja > > > > *From:* KS, Rajabhupati <rajabhupati...@comcast.com> > *Sent:* Sunday, January 30, 2022 9:03 AM > *To:* u...@spark.incubator.apache.org > *Subject:* Log4j upgrade in spark binary from 1.2.17 to 2.17.1 > > > > Hi Team, > > > > We were checking for log4j upgrade in Open source spark version to avoid > the recent vulnerability in the spark binary . Do we have any new release > which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner > response is appreciated ? > > > > > > Regards > > Rajabhupati >