Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2021/12/14 08:18:46 UTC

[GitHub] [spark] daguito81 commented on pull request #34877: [SPARK-37625][WIP] update log4j to 2.15

daguito81 commented on pull request #34877:
URL: https://github.com/apache/spark/pull/34877#issuecomment-993267778


   Attaching some previous discussion regarding migrating from Log4j 1.x to 2.x.
   We have this issue from 2015, https://issues.apache.org/jira/browse/SPARK-6305,
   where a lot of information can be read regarding the problem with dependencies and bumping log4j to 2.x.
   
   Regarding CVE-2021-4104, which @bradbm mentioned: supposedly this only affects you if you have JMSAppender in your Log4j configuration, which Spark doesn't use by default. If your application uses JMSAppender, you can see mitigations here https://access.redhat.com/security/cve/CVE-2021-4104 so you're not vulnerable.

