You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@livy.apache.org by "Damon Cortesi (Jira)" <ji...@apache.org> on 2022/12/15 05:43:00 UTC

[jira] [Assigned] (LIVY-878) Log4j upgrade for Livy 0.7.0 version

     [ https://issues.apache.org/jira/browse/LIVY-878?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Damon Cortesi reassigned LIVY-878:
----------------------------------

    Assignee: Damon Cortesi

>  Log4j upgrade for Livy 0.7.0 version
> -------------------------------------
>
>                 Key: LIVY-878
>                 URL: https://issues.apache.org/jira/browse/LIVY-878
>             Project: Livy
>          Issue Type: Sub-task
>            Reporter: Tinu Jose
>            Assignee: Damon Cortesi
>            Priority: Major
>             Fix For: 0.8.0
>
>
> We are looking for an advise from you in context of the below mentioned issue:
>  
> *A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021.* 
> *The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.*
>  
> Apache Livy version 0.7.0 version is being used by our team for processing the spark jobs . It uses the Log4j 1.x.x. which is not having any continued support.
> We would like to upgrade the Log4j versions to the latest stable version  2.15 without having any impact on the installations .
>  
> Could you please recommend the possible ways to do the upgrade .Please note , we are not looking to upgrade the Livy version to 0.7.1 to resolve this issue .
> Our requirement is to retain the current installed version and configurations with only changes in the Log4j versions  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)