Can we safely remove log4j-1.2.17.jar from spark/client-lib/ if we haven't enabled Analytics in DSE?

Question

Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

This question was closed Apr 27 at 08:43 AM by Erick Ramirez for the following reason: Other

question

yun asked Apr 27, '22 Erick Ramirez edited Apr 27, '22

Can we safely remove log4j-1.2.17.jar from spark/client-lib/ if we haven't enabled Analytics in DSE?

Hello,

We found log4j-1.2.17.jar under path /usr/share/dse/spark/client-lib/, which has multiple vulnerabilities.

Since we didn't enable spark, could we safely remove this jar file?

# Start the node in Spark mode
SPARK_ENABLED=0

Thanks

dse

10 |1000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

DataStax Enterprise is powered by the best distribution of Apache Cassandra ™

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Privacy Policy Terms of Use

Answer 1 · 2022-04-27T07:42:16Z

jaroslaw.grabowski_50515 answered Apr 27, '22

Yes, it can be safely removed in that case.

Share

10 |1000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

question

Can we safely remove log4j-1.2.17.jar from spark/client-lib/ if we haven't enabled Analytics in DSE?

1 Answer

question details

OTHER RESOURCES

question

Can we safely remove log4j-1.2.17.jar from spark/client-lib/ if we haven't enabled Analytics in DSE?

1 Answer

question details

Related Questions

OTHER RESOURCES