[
https://issues.apache.org/jira/browse/SPARK-6305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466876#comment-17466876
]
Steve Loughran commented on SPARK-6305:
---------------------------------------
If anyone wants a version of a log4j 1.17 without the known (and never used)
CVE, you could grab the Cloudera patched JAR. ASF projects are not allowed to
release their own builds of other projects, so I'm afraid you were not allowed
her to include this in Apache releases.
https://mvnrepository.com/artifact/log4j/log4j/1.2.17-cloudera1
You don't need to move to log4j 2, and if you are, now is a good time to look
at alternatives e.g. logback. I suspect this is what Hadoop will pick up in the
new year,
> Add support for log4j 2.x to Spark
> ----------------------------------
>
> Key: SPARK-6305
> URL: https://issues.apache.org/jira/browse/SPARK-6305
> Project: Spark
> Issue Type: Improvement
> Components: Build
> Reporter: Tal Sliwowicz
> Assignee: L. C. Hsieh
> Priority: Minor
> Fix For: 3.3.0
>
>
> log4j 2 requires replacing the slf4j binding and adding the log4j jars in the
> classpath. Since there are shaded jars, it must be done during the build.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
