Dhaval Shewale created SPARK-38253:
--------------------------------------
Summary: Migrate spark-sql Java library from log4j to slf4j
Key: SPARK-38253
URL: https://issues.apache.org/jira/browse/SPARK-38253
Project: Spark
Issue Type: Dependency upgrade
Components: Java API
Affects Versions: 3.2.1
Reporter: Dhaval Shewale
As there are numerous vulnerabilities in log4j and the project is no longer
actively supported, can we upgrade the *spark-sql* Java library from log4j to slf4j?
This will also make it possible to easily integrate with log4j, logback and log4j2
without a breaking change.
+*Maven Dependency*+
+*Vulnerabilities*+
{quote}
||SEVERITY||LIBRARY||ID||
|HIGH|log4j-1.2.17.jar|CVE-2019-17571|
|HIGH|log4j-1.2.17.jar|CVE-2020-9493|
|HIGH|log4j-1.2.17.jar|CVE-2021-4104|
|HIGH|log4j-1.2.17.jar|CVE-2022-23302|
|HIGH|log4j-1.2.17.jar|CVE-2022-23305|
|HIGH|log4j-1.2.17.jar|CVE-2022-23307|
|LOW|log4j-1.2.17.jar|CVE-2020-9488|
{quote}