jongyoul commented on code in PR #4286: URL: https://github.com/apache/zeppelin/pull/4286#discussion_r853942778
########## zeppelin-interpreter-parent/pom.xml: ##########
@@ -33,6 +33,35 @@ <version>0.9.0-SNAPSHOT</version> <name>Zeppelin: Interpreter Parent</name> + <properties> + <log4j2.version>2.17.1</log4j2.version> + </properties> + + <dependencyManagement> + <dependencies> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-1.2-api</artifactId>

Review Comment:
In my understanding, Log4j1 has a potential security issue but Zeppelin doesn't use the methods which are known issues. Of course, I agree with you but we might need to investigate other components including old versions of Spark and Flink. So this PR looks fine still and let's discuss the security issues in another channel.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@zeppelin.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org
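
Review bot: In the added <dependencyManagement> block, managing org.apache.logging.log4j:log4j-1.2-api only fixes the version of the bridge artifact. It does not remove a log4j:log4j 1.x jar that arrives transitively under its own coordinates, so interpreters built from this parent can still end up with Log4j 1 on the classpath. Consider pairing this entry with explicit exclusions on the dependencies that pull it in, or with a maven-enforcer bannedDependencies rule for log4j:log4j, so the build fails if it reappears. A short XML comment beside <log4j2.version>2.17.1</log4j2.version> saying why the version is pinned in this pom would also help whoever does the next upgrade.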