You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Hyukjin Kwon (Jira)" <ji...@apache.org> on 2022/01/14 06:01:00 UTC

[jira] [Commented] (SPARK-37883) log4j update to 2.17.1 in spark-core 3.2

    [ https://issues.apache.org/jira/browse/SPARK-37883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475966#comment-17475966 ] 

Hyukjin Kwon commented on SPARK-37883:
--------------------------------------

you should either upgrade to the latest Spark 3.3 when it's released.

> log4j update to 2.17.1 in spark-core 3.2
> ----------------------------------------
>
>                 Key: SPARK-37883
>                 URL: https://issues.apache.org/jira/browse/SPARK-37883
>             Project: Spark
>          Issue Type: Bug
>          Components: Security, Spark Core
>    Affects Versions: 3.2.0
>            Reporter: Setu Agrawal
>            Priority: Major
>              Labels: https://mvnrepository.com/artifact/org.apache.spark/spark-core_2.12/3.2.0
>
> We are using spark-core jar file, as below
> libraryDependencies += "org.apache.spark" %% "spark-core" % "3.2.0"
> as per maven repository it usgaes log4j older version, which need to be updated latest(2.17.1) to fix security vulenrability, please help us, how we can get update version spark-core, which usages latest updated log4j.
> Thanks
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org