Re: Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your target release day for Spark3.3?

Wed, 12 Jan 2022 08:23:00 -0800 

Again: the CVE has no known effect on released Spark versions. Spark 3.3
will have log4j 2.x anyway.

On Wed, Jan 12, 2022 at 10:21 AM Crowe, John <john.cr...@tditechnologies.com>
wrote:

> I too would like to know when you anticipate Spark 3.3.0 to be released
> due to the Log4j CVE’s.
>
> Our customers are all quite concerned.
>
>
>
>
>
> Regards;
>
> John Crowe
>
> TDi Technologies, Inc.
>
> 1600 10th Street Suite B
>
> Plano, TX  75074
>
> (800) 695-1258
>
> supp...@tditechnologies.com
>
>
>
> *From:* Juan Liu <liuj...@cn.ibm.com>
> *Sent:* Wednesday, January 12, 2022 8:50 AM
> *To:* user@spark.apache.org
> *Cc:* Theodore J Griesenbrock <t...@ibm.com>
> *Subject:* Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your
> target release day for Spark3.3?
>
>
>
> Dear Spark support,
>
> Due to the known log4j security issue, we are required to upgrade log4j
> version to 2.17.1. Currently, we use Spark3.1.2 with default log4j 1.2.17.
> Also we found log4j configuration document here:
> https://spark.apache.org/docs/3.2.0/configuration.html#configuring-logging
>
> Our questions:
>
>    - Does Spark 3.1.2 support log4j v2.17.1? how to upgrade log4j from
>    1.* to 2.17.1 in Spark? would you pls help to provide guidance?
>    - If Spark 3.1.2 doesn't support log4j v2.17.1, then how about Spark
>    3.2? pls also help to provide guidance, thanks!
>    - We found Spark 3.3 will support log4j migrate from 1 to 2 in this
>    ticket: https://issues.apache.org/jira/browse/SPARK-37814, also I
>    noticed all sub-tasks are done except one.  it's awesome! would you pls
>    help to advise your target release day? if it's in very near future, like
>    Jan, maybe we can wait for 3.3.
>
>
> BTW, as log4j issue is very popular security issue, it's better if Spark
> team could post the solution directly in security page (
> https://spark.apache.org/security.html) to benefit end user.
>
> Anyway, thank you so much for providing such a powerful tool for us, and
> thanks for your patience to read and reply this mail. Have a good day!
>
> *Juan Liu (**刘娟**) **PMP**®*
>
> Release Management, Watson Health, China Development Lab
> Email: liuj...@cn.ibm.com
> Phone: 86-10-82452506
>
>
>
>

Reply via email to