Databricks 10.4 LTS documentation

ROVERE Lorenzo 21 Reputation points
2022-03-31T12:42:49.727+00:00

Hi,

I have one question about 10.4 LTS version:

the documentation (https://docs.databricks.com/release-notes/runtime/10.4.html) says it has log4j 1.2.17 version, but if I create a cluster and run a notebook with this code:

import org.apache.logging.log4j.core.Version
println(Version.getProductString)

or this one (taken from here https://kb.databricks.com/libraries/verify-log4j-version.html#scan-the-classpath):

{
  import scala.util.{Try, Success, Failure}
  import java.lang.ClassNotFoundException
  Try(Class.forName("org.apache.logging.log4j.core.Logger", false, this.getClass.getClassLoader)) match {
    case Success(loggerCls) =>
      Option(loggerCls.getPackage) match {
          case Some(pkg) =>
            println(s"Version: ${pkg.getSpecificationTitle} ${pkg.getSpecificationVersion}")
          case None =>
            println("Could not determine Log4J 2 version")
      }
    case Failure(e: ClassNotFoundException) =>
      println("Could not load Log4J 2 class")
    case Failure(e) =>
      println(s"Unexpected Error: $e")
      throw e
  }
}

The output is Apache Log4j Core 2.17.1

Is there an error on the documentation? Does this runtime version fix the log4j vulnerability?

Thanks

Azure Databricks
Azure Databricks
An Apache Spark-based analytics platform optimized for Azure.
2,175 questions
0 comments No comments
{count} votes

Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 89,466 Reputation points Microsoft Employee
    2022-04-01T05:57:01.08+00:00

    Hello @ROVERE Lorenzo ,

    Thanks for the question and using MS Q&A platform.

    Yes, you are correct. It shows as Apache Log4j Core 2.17.1, I will reach out to the product team to update the version in the Databricks Release notes.

    Note: And for any document changes, you need to leave an feedback at the bottom of the page: Databricks Runtime 10.4 LTS:

    188850-image.png

    Does this runtime version fix the log4j vulnerability?

    Yes, fixed in Log4j 2.17.1 version.

    As per the repro, I had created cluster with Databricks Runtime Version: 10.4 LTS (includes Apache Spark 3.2.1, Scala 2.12).

    189005-image.png

    Run the above code on the created cluster and it shows as Apache Log4j Core 2.17.1.

    189023-image.png

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.