Home > Back-end >  How to check Databricks cluster for Log4J vulnerability?
How to check Databricks cluster for Log4J vulnerability?

Time:12-15

I'm using a Databricks cluster version 7.3 LTS with Scala 2.12. This version does use Log4J.

The official docs say that it uses Log4J version 1.2.17. Does this mean I do not have this vulnerability? And if I do, can I manually patch it on the cluster or do I need to upgrade the cluster to the next LTS version?

CodePudding user response:

As you wrote most Databricks clusters use 1.2.17 so it is different version and version affected by vulnerability is not used by Databricks.

Only one problem is when you install different version by yourself on the cluster. Even when you installed affected version you can mitigate the problem by setting Spark config in cluster advanced config as below:

spark.driver.extraJavaOptions "-Dlog4j2.formatMsgNoLookups=true"
spark.executor.extraJavaOptions "-Dlog4j2.formatMsgNoLookups=true"

CodePudding user response:

you get complete e2e update on this here : https://databricks.com/blog/2021/12/13/log4j2-vulnerability-cve-2021-44228-research-and-assessment.html

Page link:https//www.codepudding.com/Backend/227929.html

Prev:Azure IoT Hub trigger Azure Function
Next:Custom naming convention for AKS resources
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding