Details
Major Description
Hi,
Recently, we migrated apache spark 2.4.2 source from log4j 1.x to 2.x using below jars where it is used the log4j-1.2.17.jar in the pom.
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.13.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.13.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
<version>2.13.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
<version>2.13.0</version>
</dependency>
It is using a lot of third-party libraries and some of the thrd-party libraries are using the log4j-1.2.17.jar project. We identified log4j jars with the help of "mvn dependency:tree" CLI command and excluded the log4j-1.2.17 jars as shown below. Please find the excluded log4j 1.x dependencies wherever it is using log4j 1.2.17 as project/module dependency jar.
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
</exclusions>
</dependency>
After packaging spark project and observed that log4j-1.2.17.jar in jars directory of the spark.tgz file. But we did not find in the project as dependency or sub-dependency.
Now, my questions:- If we delete the log4j-.1.2.17.jar from the spark -**.tgz then Is it impact any functionality of third party libraries?
Kindly provide your suggestion.