54m

Reputation: 767

How to check Databricks cluster for Log4J vulnerability?

I'm using a Databricks cluster version 7.3 LTS with Scala 2.12. This version does use Log4J.

The official docs say that it uses Log4J version 1.2.17. Does this mean I do not have this vulnerability? And if I do, can I manually patch it on the cluster or do I need to upgrade the cluster to the next LTS version?

Upvotes: 7

Views: 2231

Answers (2)

Hubert Dudek

Reputation: 1722

As you wrote, most Databricks clusters use 1.2.17, so it is a different version, and the version affected by the vulnerability is not used by Databricks.

The only problem is when you install a different version yourself on the cluster. Even if you have installed an affected version, you can mitigate the problem by setting the Spark config in the cluster's advanced config as below:

spark.driver.extraJavaOptions "-Dlog4j2.formatMsgNoLookups=true"
spark.executor.extraJavaOptions "-Dlog4j2.formatMsgNoLookups=true"

Upvotes: 7
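
One way to do the check the question asks about, as an added example that is not part of the answer above and not Databricks tooling: it scans jars and tells the Log4j 1.x line apart from log4j-core 2.x that ships `JndiLookup.class`, including copies bundled inside other jars, which covers the "installed a different version yourself" case. The directory to scan is supplied by the caller, and the function names and the sample jar in `__main__` are constructed for illustration.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # log4j-core 2.x
LOG4J1_MARKER = "org/apache/log4j/Logger.class"                        # Log4j 1.x line
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def inspect_jar(data, name, depth=0):
    """Classify one jar (bytes); recurse into jars bundled inside it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive, nothing to report
    findings = []
    with zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP in names:
            version = "unknown"  # shaded jars often drop the Maven metadata
            if POM in names:
                m = re.search(r"^version=(.+)$", zf.read(POM).decode("utf-8", "replace"), re.M)
                version = m.group(1).strip() if m else version
            findings.append((name, "log4j-core 2.x with JndiLookup", version))
        elif LOG4J1_MARKER in names:
            findings.append((name, "log4j 1.x", "n/a"))
        for n in sorted(names):
            if depth < 3 and n.endswith((".jar", ".war")):  # fat-jar contents
                findings += inspect_jar(zf.read(n), f"{name}!{n}", depth + 1)
    return findings

def scan_tree(root):  # inspect every *.jar file under root
    jars = sorted(p for p in Path(root).rglob("*.jar") if p.is_file())
    return [f for p in jars for f in inspect_jar(p.read_bytes(), str(p))]

def make_jar(entries):
    """Build a jar in memory from {entry: bytes}; only for the constructed demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in entries.items():
            zf.writestr(entry, content)
    return buf.getvalue()

if __name__ == "__main__":
    core = make_jar({JNDI_LOOKUP: b"", POM: b"version=2.14.1\n"})  # constructed sample
    demo = inspect_jar(make_jar({"lib/log4j-core.jar": core}), "app.jar")
    for path, kind, version in (scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo):
        print(f"{kind}\t{version}\t{path}")
```

Run it with the jar directory as the first argument; a `log4j-core 2.x with JndiLookup` row is the one to follow up on, and a version of `unknown` means the jar carried no Maven metadata.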
