[
https://issues.apache.org/jira/browse/SPARK-39465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17554844#comment-17554844
]
Josh Rosen edited comment on SPARK-39465 at 6/16/22 1:21 AM:
-------------------------------------------------------------
Spark uses Log4J 2.x starting in Spark 3.3.0+; see SPARK-37814
The migration from Log4J 1.x to Log4J 2.x is too large of a change for us to
backport to existing Spark versions (see [related discussion on another
ticket|https://issues.apache.org/jira/browse/SPARK-37883?focusedCommentId=17481521&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17481521]).
As a result, if you want to use Log4J 2.x then you will need to upgrade to
Spark 3.3.0.
The [Spark 3.3.0 release vote just passed
yesterday|https://lists.apache.org/thread/zg6k1spw6k1c7brgo6t7qldvsqbmfytm], so
the release should be published in the next couple of days.
was (Author: joshrosen):
Spark uses Log4J 2.x starting in Spark 3.3.0+; see SPARK-37814
The migration from Log4J 1.x to Log4J 2.x is too large of a change for us to
backport to existing Spark versions (see related discussion on another ticket).
As a result, if you want to use Log4J 2.x then you will need to upgrade to
Spark 3.3.0.
The [Spark 3.3.0 release vote just passed
yesterday|https://lists.apache.org/thread/zg6k1spw6k1c7brgo6t7qldvsqbmfytm], so
the release should be published in the next couple of days.
> Log4j version upgrade to 2.17.2
> -------------------------------
>
> Key: SPARK-39465
> URL: https://issues.apache.org/jira/browse/SPARK-39465
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Java API
> Affects Versions: 3.2.1
> Environment: Production
> Reporter: Chethan G B
> Priority: Major
>
> Hi Team,
> There were talks about upgrading log4j to latest version available as part of
> security fix.
> Wanted to know, if it is already upgraded.
>
> Note: We are using below dependencies,
>
> <dependency>
> <groupId>org.apache.spark</groupId>
> <artifactId>spark-core_2.12</artifactId>
> <version>3.0.1</version>
> </dependency>
> <dependency>
> <groupId>org.apache.spark</groupId>
> <artifactId>spark-sql_2.12</artifactId>
> <version>3.0.1</version>
> </dependency>
> Kindly let us know when the log4j upgrade will be available for users ?
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
