You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Spark uses log4j, but I don't think the CVE-2021-44228 vulnerability exposes our application, since we don't expose the Spark UI, and since the data pipeline flows only one way (into the rest of the application from Spark); the only way to interact with Spark is from the command line. But best practice would be either to apply the log4j patch or add the command-line parameter to the Dockerfile to disable the problematic log4j property at startup.
The text was updated successfully, but these errors were encountered:
Spark uses log4j, but I don't think the CVE-2021-44228 vulnerability exposes our application, since we don't expose the Spark UI, and since the data pipeline flows only one way (into the rest of the application from Spark); the only way to interact with Spark is from the command line. But best practice would be either to apply the log4j patch or add the command-line parameter to the Dockerfile to disable the problematic log4j property at startup.
The text was updated successfully, but these errors were encountered: