Hive3 log4j2 version

17 views
Skip to first unread message

xiang chen

unread,
Dec 19, 2021, 9:23:19 PM12/19/21
to MR3
Hi~
I had tried to changing log4j2 jars from 2.10.0 to 2.1.5.0 (reasons based on [CVE-2021-44228]). I've found that other pods are running normally, but the mr3master pod will fail to find the log4j2 method. Could you please provide an image based on the new version of log4j2?

Sungwoo Park

unread,
Dec 20, 2021, 4:38:42 AM12/20/21
to MR3
Currently there is a problem with upgrading Log4j 2 to 2.15.0, so you could use a quickfix by adding kubernetes/conf/hive-log4j2.properties:

log4j2.formatMsgNoLookups=true

Or, you rebuild the Docker image after adding -Dlog4j2.formatMsgNoLookups=true' in hive/hive/hive-setup.sh, hive_setup_config_hive_logs:

export HADOOP_OPTS="-Dlog4j2.formatMsgNoLookups=true -Dhive.log.dir=$output_dir -Dhive.log.file=$log_filename"

MR3 DAGAppMaster should be safe as long as Prometheus is not enabled.

We will release a new Docker image with MR3 1.4. Due to additional CVEs discovered lately, we will try to upgrade Log4j2 to 2.16+.

Cheers,

--- Sungwoo

Reply all
Reply to author
Forward
0 new messages