Tinu Jose created LIVY-878:
------------------------------
Summary: Log4j upgrade for Livy 0.7.0 version
Key: LIVY-878
URL: https://issues.apache.org/jira/browse/LIVY-878
Project: Livy
Issue Type: Bug
Reporter: Tinu Jose
We are looking for an advise from you in context of the below mentioned issue:
*A high severity vulnerability (CVE-2021-44228) impacting multiple versions of
the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on
December 9, 2021.*
*The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.*
Apache Livy version 0.7.0 version is being used by our team for processing the
spark jobs . It uses the Log4j 1.x.x. which is not having any continued support.
We would like to upgrade the Log4j versions to the latest stable version 2.15
without having any impact on the installations .
Could you please recommend the possible ways to do the upgrade .Please note ,
we are not looking to upgrade the Livy version to 0.7.1 to resolve this issue .
Our requirement is to retain the current installed version and configurations
with only changes in the Log4j versions
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
