dannymeijer commented on pull request #34877:
URL: https://github.com/apache/spark/pull/34877#issuecomment-992358964


   > This CVE issue has no impact on spark, we don't need to do anything. I don't think we need to update to log4j2
   
   @AngersZhuuuu 
   Could not disagree more. I'm seeing Log4J version 1.2.17 being used in the
   Spark 3.2 image (built from latest) that we are deploying. This version was EOL
   way back in 2015 already. This PR needs highest possible priority to ensure
   that this CVE is definitely not affecting Spark as well as make it future proof
   for the foreseeable future.
   source: https://logging.apache.org/log4j/1.2/


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


