Re: Log4j upgrade to 2.x in hadoop for vulnerability fix

2021-09-15 Thread Akira Ajisaka
Hi Pulkit, Hadoop does not use those log4j network classes unless the user and the administrator configured the setting explicitly. The issue is tracked by [HADOOP-16206] Migrate from Log4j1 to Log4j2 - ASF JIRA (apache.org) Thanks, Akira On

Log4j upgrade to 2.x in hadoop for vulnerability fix

2021-09-14 Thread Pulkit Chawla
Hi, Hadoop uses log4j1 even in the latest versions. I am concerned about the log4j1 vulnerabilities related to network listening. Wanted to know the risk of continuing to use log4j1 in Hadoop. Does it use those log4j network classes? If no, can we completely remove it? If yes, how can we lessen the