Title
#announcements
datajoely

datajoely

12/13/2021, 5:46 PM
Regarding 
CVE-2021-44228
 log4j RCE - Kedro supply chain is not affected - Kedro supports PySpark 
pyspark>=2.2, <4.0
 as an optional dependency- All versions of PySpark (and Hive use) use log4j version 
1.2.17
 out of the box- The issue affects versions log4j  
>2.10
 and is fixed in 
2.15.0
- Unless your cluster has manually updated your version of logger you should not be affected (ironically older version helps here)