Hey, about the recent log4j security issue.
dagster_spark uses spark which uses log4j 1.2.17, which is not affected, but still has vulnerabilities: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
Are there any recommendations, planned changes or more info on this?
daniel
12/13/2021, 11:02 PM
Hi peter - since dagster users manage their own spark installations, I don't think we were planning any dagster-specific changes (other than recommending that users incorporate whatever security changes are made to spark to mitigate the security issue). I don't believe we have any pins or anything that should prevent people from upgrading.