Hey, about the recent log4j security issue. dagste...
# ask-community
Hey, about the recent log4j security issue. dagster_spark uses spark which uses log4j 1.2.17, which is not effected, but still has vulnerabilities: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 Are there any recommendations, planned changes or more info on this?
👍 1
Hi peter - since dagster users manage their own spark installations, I don't think we were planning any dagster-specific changes (other than recommending that users incorporate whatever security changes are made to spark to mitigate the security issue. I don't believe we have any pins or anything that should prevent people from upgrading.
Thanks for responding Daniel.