Currently there is a problem with upgrading Log4j 2 to 2.15.0, so you could use a quickfix by adding kubernetes/conf/hive-log4j2.properties:
log4j2.formatMsgNoLookups=true
Or, you rebuild the Docker image after adding -Dlog4j2.formatMsgNoLookups=true' in hive/hive/hive-setup.sh, hive_setup_config_hive_logs:
export HADOOP_OPTS="-Dlog4j2.formatMsgNoLookups=true -Dhive.log.dir=$output_dir -Dhive.log.file=$log_filename"
MR3 DAGAppMaster should be safe as long as Prometheus is not enabled.
We will release a new Docker image with MR3 1.4. Due to additional CVEs discovered lately, we will try to upgrade Log4j2 to 2.16+.
Cheers,
--- Sungwoo