You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-dev@hadoop.apache.org by "Wei-Chiu Chuang (Jira)" <ji...@apache.org> on 2021/04/12 03:48:00 UTC

[jira] [Resolved] (YARN-10730) Please upgrade log4j to log4j2

     [ https://issues.apache.org/jira/browse/YARN-10730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wei-Chiu Chuang resolved YARN-10730.
------------------------------------
    Fix Version/s:     (was: 3.4.0)
                       (was: 3.3.0)
       Resolution: Duplicate

Yes it's a well known issue but it's not an easy switch which is why it's taking so long. See HADOOP-16206 for the details.

> Please upgrade log4j to log4j2
> ------------------------------
>
>                 Key: YARN-10730
>                 URL: https://issues.apache.org/jira/browse/YARN-10730
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: api, applications, client
>    Affects Versions: 3.3.0, 3.2.1, 3.2.2
>            Reporter: helen huang
>            Priority: Major
>
> The log4j dependency being use by hadoop-common is currently version 1.2.17. Our fortify scan picked up a couple of issue with this dependency. Please update it to the latest version of log4j2 dependencies:
> <dependency>
>  <groupId>org.apache.logging.log4j</groupId>
>  <artifactId>log4j-api</artifactId>
>  <version>2.14.1</version>
> </dependency>
> <dependency>
>  <groupId>org.apache.logging.log4j</groupId>
>  <artifactId>log4j-core</artifactId>
>  <version>2.14.1</version>
> </dependency>
>  
> The slf4j dependency will need to be updated as well after you upgrade log4j to log4j2.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org