[
https://issues.apache.org/jira/browse/LIVY-878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17702942#comment-17702942
]
Damon Cortesi commented on LIVY-878:
------------------------------------
New pull request open here: https://github.com/apache/incubator-livy/pull/392
I think we should merge LIVY-972 first as that has automated unit/integration
test updates. https://github.com/apache/incubator-livy/pull/393
> Log4j upgrade for Livy 0.8.0 version
> -------------------------------------
>
> Key: LIVY-878
> URL: https://issues.apache.org/jira/browse/LIVY-878
> Project: Livy
> Issue Type: Sub-task
> Reporter: Tinu Jose
> Assignee: Damon Cortesi
> Priority: Major
> Fix For: 0.8.0
>
>
> We are looking for advice from you in the context of the below-mentioned issue:
>
> *A high severity vulnerability (CVE-2021-44228) impacting multiple versions
> of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub
> on December 9, 2021.*
> *The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.*
>
> Apache Livy version 0.7.0 is being used by our team for processing
> the Spark jobs. It uses Log4j 1.x.x, which does not have any continued
> support.
> We would like to upgrade the Log4j versions to the latest stable version
> 2.15 without having any impact on the installations.
>
> Could you please recommend the possible ways to do the upgrade. Please note,
> we are not looking to upgrade the Livy version to 0.7.1 to resolve this issue.
> Our requirement is to retain the current installed version and configurations
> with only changes in the Log4j versions.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)