[LIVY-878] Log4j upgrade for Livy 0.8.0 version - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.8.0
Component/s: None
Labels:
None

Description

We are looking for an advise from you in context of the below mentioned issue:

A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021.

The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.

Apache Livy version 0.7.0 version is being used by our team for processing the spark jobs . It uses the Log4j 1.x.x. which is not having any continued support.

We would like to upgrade the Log4j versions to the latest stable version 2.15 without having any impact on the installations .

Could you please recommend the possible ways to do the upgrade .Please note , we are not looking to upgrade the Livy version to 0.7.1 to resolve this issue .

Our requirement is to retain the current installed version and configurations with only changes in the Log4j versions

Attachments

Issue Links

Add Link

is related to

LIVY-884 replace log4jv1 usage - EOL and with multiple security vulnerabilities

Open

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Damon Cortesi

Reporter:: Tinu Jose

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 17/Dec/21 12:59

Updated:: 26/Apr/23 21:46

Resolved:: 26/Apr/23 21:46

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Log4j upgrade for Livy 0.8.0 version

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Time Tracking

Agile

Slack

Issue deployment