datajoely
12/13/2021, 5:46 PM
CVE-2021-44228 log4j RCE - Kedro supply chain is not affected
- Kedro supports PySpark pyspark>=2.2, <4.0 as an optional dependency
- All versions of PySpark (and Hive use) use log4j version 1.2.17 out of the box
- The issue affects versions log4j >2.10 and is fixed in 2.15.0
- Unless your cluster has manually updated your version of logger, you should not be affected (ironically, an older version helps here)