You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@spark.apache.org by "KS, Rajabhupati" <Ra...@comcast.com.INVALID> on 2022/01/30 03:32:48 UTC
Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Hi Team,
We were checking for log4j upgrade in Open source spark version to avoid the recent vulnerability in the spark binary . Do we have any new release which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner response is appreciated ?
Regards
Rajabhupati
Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Posted by Sean Owen <sr...@gmail.com>.
This has been discussed extensively on this list. See the archives. TL;DR
is current releases do not appear to be vulnerable. But 3.3.0 will move to
log4j 2 anyway
On Sat, Jan 29, 2022, 9:42 PM KS, Rajabhupati
<Ra...@comcast.com.invalid> wrote:
> Hi Team,
>
> We were checking for log4j upgrade in Open source spark version to avoid
> the recent vulnerability in the spark binary . Do we have any new release
> which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner
> response is appreciated ?
>
>
> Regards
> Rajabhupati
>
Re: [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
On Mon, Jan 31, 2022 at 7:57 PM KS, Rajabhupati
<Ra...@comcast.com.invalid> wrote:
> Thanks a lot Sean. One final question before I close the conversion how do
> we know what are the features that will be added as part of spark 3.3
> version?
>
There will be release notes for 3.3 at linked at
https://spark.apache.org/downloads.html#release-notes-for-stable-releases
once it is released.
>
> Regards
> Rajabhupati
> ------------------------------
> *From:* Sean Owen <sr...@gmail.com>
> *Sent:* Monday, January 31, 2022 10:50:16 PM
> *To:* KS, Rajabhupati <Ra...@comcast.com>
> *Cc:* user@spark.apache.org <us...@spark.apache.org>
> *Subject:* Re: [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17
> to 2.17.1
>
> https://spark.apache.org/versioning-policy.html
> <https://urldefense.com/v3/__https://spark.apache.org/versioning-policy.html__;!!CQl3mcHX2A!RKTbxJp5YHpvUGypsjojX_0fVSxPO9kJqh3ApAQqmdDj-miYWN2W_Z7UEj0wcCAw1vaVRQ$>
>
> On Mon, Jan 31, 2022 at 11:15 AM KS, Rajabhupati <
> Rajabhupati_KS@comcast.com> wrote:
>
> Thanks Sean , When is spark 3.3.0 is expected to release?
>
>
>
> Regards
>
> Raja
>
> *From:* Sean Owen <sr...@gmail.com>
> *Sent:* Monday, January 31, 2022 10:28 PM
> *To:* KS, Rajabhupati <Ra...@comcast.com>
> *Subject:* [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to
> 2.17.1
>
>
>
> Further, you're using an email that can't receive email ...
>
> ---------- Forwarded message ---------
> From: *Sean Owen* <sr...@gmail.com>
> Date: Mon, Jan 31, 2022 at 10:56 AM
> Subject: Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
> To: KS, Rajabhupati <Ra...@comcast.com.invalid>
> Cc: user@spark.incubator.apache.org <us...@spark.incubator.apache.org>,
> dev@spark.incubator.apache.org <de...@spark.incubator.apache.org>
>
>
>
> (BTW you are sending to the Spark incubator list, and Spark has not been
> in incubation for about 7 years. Use user@spark.apache.org)
>
>
>
> What update are you looking for? this has been discussed extensively on
> the Spark mailing list.
>
> Spark is not evidently vulnerable to this. 3.3.0 will include log4j 2.17
> anyway.
>
>
>
> The ticket you cite points you to the correct ticket:
> https://issues.apache.org/jira/browse/SPARK-6305
> <https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-6305__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8ZLLEDeUA$>
>
>
>
> On Mon, Jan 31, 2022 at 10:53 AM KS, Rajabhupati <
> Rajabhupati_KS@comcast.com.invalid> wrote:
>
> Hi Team ,
>
>
>
> Is there any update on this request ?
>
>
>
> We did see Jira https://issues.apache.org/jira/browse/SPARK-37630
> <https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-37630__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8bW88NS-g$>
> for this request but we see it closed .
>
>
>
> Regards
>
> Raja
>
>
>
> *From:* KS, Rajabhupati <Ra...@comcast.com>
> *Sent:* Sunday, January 30, 2022 9:03 AM
> *To:* user@spark.incubator.apache.org
> *Subject:* Log4j upgrade in spark binary from 1.2.17 to 2.17.1
>
>
>
> Hi Team,
>
>
>
> We were checking for log4j upgrade in Open source spark version to avoid
> the recent vulnerability in the spark binary . Do we have any new release
> which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner
> response is appreciated ?
>
>
>
>
>
> Regards
>
> Rajabhupati
>
>
Re: [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Posted by "KS, Rajabhupati" <Ra...@comcast.com.INVALID>.
Thanks a lot Sean. One final question before I close the conversion how do we know what are the features that will be added as part of spark 3.3 version?
Regards
Rajabhupati
________________________________
From: Sean Owen <sr...@gmail.com>
Sent: Monday, January 31, 2022 10:50:16 PM
To: KS, Rajabhupati <Ra...@comcast.com>
Cc: user@spark.apache.org <us...@spark.apache.org>
Subject: Re: [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
https://spark.apache.org/versioning-policy.html<https://urldefense.com/v3/__https://spark.apache.org/versioning-policy.html__;!!CQl3mcHX2A!RKTbxJp5YHpvUGypsjojX_0fVSxPO9kJqh3ApAQqmdDj-miYWN2W_Z7UEj0wcCAw1vaVRQ$>
On Mon, Jan 31, 2022 at 11:15 AM KS, Rajabhupati <Ra...@comcast.com>> wrote:
Thanks Sean , When is spark 3.3.0 is expected to release?
Regards
Raja
From: Sean Owen <sr...@gmail.com>>
Sent: Monday, January 31, 2022 10:28 PM
To: KS, Rajabhupati <Ra...@comcast.com>>
Subject: [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Further, you're using an email that can't receive email ...
---------- Forwarded message ---------
From: Sean Owen <sr...@gmail.com>>
Date: Mon, Jan 31, 2022 at 10:56 AM
Subject: Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
To: KS, Rajabhupati <Ra...@comcast.com.invalid>>
Cc: user@spark.incubator.apache.org<ma...@spark.incubator.apache.org> <us...@spark.incubator.apache.org>>, dev@spark.incubator.apache.org<ma...@spark.incubator.apache.org> <de...@spark.incubator.apache.org>>
(BTW you are sending to the Spark incubator list, and Spark has not been in incubation for about 7 years. Use user@spark.apache.org<ma...@spark.apache.org>)
What update are you looking for? this has been discussed extensively on the Spark mailing list.
Spark is not evidently vulnerable to this. 3.3.0 will include log4j 2.17 anyway.
The ticket you cite points you to the correct ticket: https://issues.apache.org/jira/browse/SPARK-6305<https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-6305__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8ZLLEDeUA$>
On Mon, Jan 31, 2022 at 10:53 AM KS, Rajabhupati <Ra...@comcast.com.invalid>> wrote:
Hi Team ,
Is there any update on this request ?
We did see Jira https://issues.apache.org/jira/browse/SPARK-37630<https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-37630__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8bW88NS-g$> for this request but we see it closed .
Regards
Raja
From: KS, Rajabhupati <Ra...@comcast.com>>
Sent: Sunday, January 30, 2022 9:03 AM
To: user@spark.incubator.apache.org<ma...@spark.incubator.apache.org>
Subject: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Hi Team,
We were checking for log4j upgrade in Open source spark version to avoid the recent vulnerability in the spark binary . Do we have any new release which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner response is appreciated ?
Regards
Rajabhupati
Re: [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Posted by Sean Owen <sr...@gmail.com>.
https://spark.apache.org/versioning-policy.html
On Mon, Jan 31, 2022 at 11:15 AM KS, Rajabhupati <Ra...@comcast.com>
wrote:
> Thanks Sean , When is spark 3.3.0 is expected to release?
>
>
>
> Regards
>
> Raja
>
> *From:* Sean Owen <sr...@gmail.com>
> *Sent:* Monday, January 31, 2022 10:28 PM
> *To:* KS, Rajabhupati <Ra...@comcast.com>
> *Subject:* [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to
> 2.17.1
>
>
>
> Further, you're using an email that can't receive email ...
>
> ---------- Forwarded message ---------
> From: *Sean Owen* <sr...@gmail.com>
> Date: Mon, Jan 31, 2022 at 10:56 AM
> Subject: Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
> To: KS, Rajabhupati <Ra...@comcast.com.invalid>
> Cc: user@spark.incubator.apache.org <us...@spark.incubator.apache.org>,
> dev@spark.incubator.apache.org <de...@spark.incubator.apache.org>
>
>
>
> (BTW you are sending to the Spark incubator list, and Spark has not been
> in incubation for about 7 years. Use user@spark.apache.org)
>
>
>
> What update are you looking for? this has been discussed extensively on
> the Spark mailing list.
>
> Spark is not evidently vulnerable to this. 3.3.0 will include log4j 2.17
> anyway.
>
>
>
> The ticket you cite points you to the correct ticket:
> https://issues.apache.org/jira/browse/SPARK-6305
> <https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-6305__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8ZLLEDeUA$>
>
>
>
> On Mon, Jan 31, 2022 at 10:53 AM KS, Rajabhupati <
> Rajabhupati_KS@comcast.com.invalid> wrote:
>
> Hi Team ,
>
>
>
> Is there any update on this request ?
>
>
>
> We did see Jira https://issues.apache.org/jira/browse/SPARK-37630
> <https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-37630__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8bW88NS-g$>
> for this request but we see it closed .
>
>
>
> Regards
>
> Raja
>
>
>
> *From:* KS, Rajabhupati <Ra...@comcast.com>
> *Sent:* Sunday, January 30, 2022 9:03 AM
> *To:* user@spark.incubator.apache.org
> *Subject:* Log4j upgrade in spark binary from 1.2.17 to 2.17.1
>
>
>
> Hi Team,
>
>
>
> We were checking for log4j upgrade in Open source spark version to avoid
> the recent vulnerability in the spark binary . Do we have any new release
> which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner
> response is appreciated ?
>
>
>
>
>
> Regards
>
> Rajabhupati
>
>
RE: [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Posted by "KS, Rajabhupati" <Ra...@comcast.com.INVALID>.
Thanks Sean , When is spark 3.3.0 is expected to release?
Regards
Raja
From: Sean Owen <sr...@gmail.com>>
Sent: Monday, January 31, 2022 10:28 PM
To: KS, Rajabhupati <Ra...@comcast.com>>
Subject: [EXTERNAL] Fwd: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Further, you're using an email that can't receive email ...
---------- Forwarded message ---------
From: Sean Owen <sr...@gmail.com>>
Date: Mon, Jan 31, 2022 at 10:56 AM
Subject: Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
To: KS, Rajabhupati <Ra...@comcast.com.invalid>>
Cc: user@spark.incubator.apache.org<ma...@spark.incubator.apache.org> <us...@spark.incubator.apache.org>>, dev@spark.incubator.apache.org<ma...@spark.incubator.apache.org> <de...@spark.incubator.apache.org>>
(BTW you are sending to the Spark incubator list, and Spark has not been in incubation for about 7 years. Use user@spark.apache.org<ma...@spark.apache.org>)
What update are you looking for? this has been discussed extensively on the Spark mailing list.
Spark is not evidently vulnerable to this. 3.3.0 will include log4j 2.17 anyway.
The ticket you cite points you to the correct ticket: https://issues.apache.org/jira/browse/SPARK-6305<https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-6305__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8ZLLEDeUA$>
On Mon, Jan 31, 2022 at 10:53 AM KS, Rajabhupati <Ra...@comcast.com.invalid>> wrote:
Hi Team ,
Is there any update on this request ?
We did see Jira https://issues.apache.org/jira/browse/SPARK-37630<https://urldefense.com/v3/__https:/issues.apache.org/jira/browse/SPARK-37630__;!!CQl3mcHX2A!XF6x4vpuEeApZk34jTBcVXGfokzCTvWb50e3byOTbahLehzhoF0vkCZA9CJFu8bW88NS-g$> for this request but we see it closed .
Regards
Raja
From: KS, Rajabhupati <Ra...@comcast.com>>
Sent: Sunday, January 30, 2022 9:03 AM
To: user@spark.incubator.apache.org<ma...@spark.incubator.apache.org>
Subject: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Hi Team,
We were checking for log4j upgrade in Open source spark version to avoid the recent vulnerability in the spark binary . Do we have any new release which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner response is appreciated ?
Regards
Rajabhupati
Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Posted by Sean Owen <sr...@gmail.com>.
(BTW you are sending to the Spark incubator list, and Spark has not been in
incubation for about 7 years. Use user@spark.apache.org)
What update are you looking for? this has been discussed extensively on the
Spark mailing list.
Spark is not evidently vulnerable to this. 3.3.0 will include log4j 2.17
anyway.
The ticket you cite points you to the correct ticket:
https://issues.apache.org/jira/browse/SPARK-6305
On Mon, Jan 31, 2022 at 10:53 AM KS, Rajabhupati
<Ra...@comcast.com.invalid> wrote:
> Hi Team ,
>
>
>
> Is there any update on this request ?
>
>
>
> We did see Jira https://issues.apache.org/jira/browse/SPARK-37630 for
> this request but we see it closed .
>
>
>
> Regards
>
> Raja
>
>
>
> *From:* KS, Rajabhupati <Ra...@comcast.com>
> *Sent:* Sunday, January 30, 2022 9:03 AM
> *To:* user@spark.incubator.apache.org
> *Subject:* Log4j upgrade in spark binary from 1.2.17 to 2.17.1
>
>
>
> Hi Team,
>
>
>
> We were checking for log4j upgrade in Open source spark version to avoid
> the recent vulnerability in the spark binary . Do we have any new release
> which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner
> response is appreciated ?
>
>
>
>
>
> Regards
>
> Rajabhupati
>
Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Posted by Sean Owen <sr...@gmail.com>.
(BTW you are sending to the Spark incubator list, and Spark has not been in
incubation for about 7 years. Use user@spark.apache.org)
What update are you looking for? this has been discussed extensively on the
Spark mailing list.
Spark is not evidently vulnerable to this. 3.3.0 will include log4j 2.17
anyway.
The ticket you cite points you to the correct ticket:
https://issues.apache.org/jira/browse/SPARK-6305
On Mon, Jan 31, 2022 at 10:53 AM KS, Rajabhupati
<Ra...@comcast.com.invalid> wrote:
> Hi Team ,
>
>
>
> Is there any update on this request ?
>
>
>
> We did see Jira https://issues.apache.org/jira/browse/SPARK-37630 for
> this request but we see it closed .
>
>
>
> Regards
>
> Raja
>
>
>
> *From:* KS, Rajabhupati <Ra...@comcast.com>
> *Sent:* Sunday, January 30, 2022 9:03 AM
> *To:* user@spark.incubator.apache.org
> *Subject:* Log4j upgrade in spark binary from 1.2.17 to 2.17.1
>
>
>
> Hi Team,
>
>
>
> We were checking for log4j upgrade in Open source spark version to avoid
> the recent vulnerability in the spark binary . Do we have any new release
> which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner
> response is appreciated ?
>
>
>
>
>
> Regards
>
> Rajabhupati
>
RE: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Posted by "KS, Rajabhupati" <Ra...@comcast.com.INVALID>.
Hi Team ,
Is there any update on this request ?
We did see Jira https://issues.apache.org/jira/browse/SPARK-37630 for this request but we see it closed .
Regards
Raja
From: KS, Rajabhupati <Ra...@comcast.com>
Sent: Sunday, January 30, 2022 9:03 AM
To: user@spark.incubator.apache.org
Subject: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Hi Team,
We were checking for log4j upgrade in Open source spark version to avoid the recent vulnerability in the spark binary . Do we have any new release which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner response is appreciated ?
Regards
Rajabhupati