Thanks Sean , When is spark 3.3.0 is expected to release? Regards Raja From: Sean Owen <sro...@gmail.com<mailto:sro...@gmail.com>> Sent: Monday, January 31, 2022 10:28 PM To: KS, Rajabhupati <rajabhupati...@comcast.com<mailto:rajabhupati...@comcast.com>> Subject: [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Further, you're using an email that can't receive email ... ---------- Forwarded message --------- From: Sean Owen <sro...@gmail.com<mailto:sro...@gmail.com>> Date: Mon, Jan 31, 2022 at 10:56 AM Subject: Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1 To: KS, Rajabhupati <rajabhupati...@comcast.com.invalid<mailto:rajabhupati...@comcast.com.invalid>> Cc: u...@spark.incubator.apache.org<mailto:u...@spark.incubator.apache.org> <u...@spark.incubator.apache.org<mailto:u...@spark.incubator.apache.org>>, d...@spark.incubator.apache.org<mailto:d...@spark.incubator.apache.org> <d...@spark.incubator.apache.org<mailto:d...@spark.incubator.apache.org>> (BTW you are sending to the Spark incubator list, and Spark has not been in incubation for about 7 years. Use user@spark.apache.org<mailto:user@spark.apache.org>) What update are you looking for? this has been discussed extensively on the Spark mailing list. Spark is not evidently vulnerable to this. 3.3.0 will include log4j 2.17 anyway. The ticket you cite points you to the correct ticket: https://issues.apache.org/jira/browse/SPARK-6305<https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-6305__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8ZLLEDeUA$> On Mon, Jan 31, 2022 at 10:53 AM KS, Rajabhupati <rajabhupati...@comcast.com.invalid<mailto:rajabhupati...@comcast.com.invalid>> wrote: Hi Team , Is there any update on this request ? We did see Jira https://issues.apache.org/jira/browse/SPARK-37630<https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-37630__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8bW88NS-g$> for this request but we see it closed . Regards Raja From: KS, Rajabhupati <rajabhupati...@comcast.com<mailto:rajabhupati...@comcast.com>> Sent: Sunday, January 30, 2022 9:03 AM To: u...@spark.incubator.apache.org<mailto:u...@spark.incubator.apache.org> Subject: Log4j upgrade in spark binary from 1.2.17 to 2.17.1 Hi Team, We were checking for log4j upgrade in Open source spark version to avoid the recent vulnerability in the spark binary . Do we have any new release which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner response is appreciated ? Regards Rajabhupati
