[ML-161] Excluding log4j 1.x dependency from Spark core to avoid log4… (

#162)

* [ML-161] Excluding log4j 1.x dependency from Spark core to avoid log4j vulnerability

* Add comments about security concerns

examples/als/pom.xml

@@ -37,6 +37,17 @@
       <artifactId>spark-sql_2.12</artifactId>
       <version>${spark.version}</version>
       <scope>provided</scope>
+      <!--This is needed to exclude log4j1.x from Spark core dependency to avoid vulnerabilities -->
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>

examples/correlation/pom.xml

@@ -37,6 +37,17 @@
       <artifactId>spark-sql_2.12</artifactId>
       <version>${spark.version}</version>
       <scope>provided</scope>
+      <!--This is needed to exclude log4j1.x from Spark core dependency to avoid vulnerabilities -->
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>

examples/kmeans/pom.xml

@@ -37,6 +37,17 @@
       <artifactId>spark-sql_2.12</artifactId>
       <version>${spark.version}</version>
       <scope>provided</scope>
+      <!--This is needed to exclude log4j1.x from Spark core dependency to avoid vulnerabilities -->
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>

examples/linear-regression/pom.xml

@@ -37,6 +37,17 @@
       <artifactId>spark-sql_2.12</artifactId>
       <version>${spark.version}</version>
       <scope>provided</scope>
+      <!--This is needed to exclude log4j1.x from Spark core dependency to avoid vulnerabilities -->
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>

examples/naive-bayes/pom.xml

@@ -37,6 +37,17 @@
       <artifactId>spark-sql_2.12</artifactId>
       <version>${spark.version}</version>
       <scope>provided</scope>
+      <!--This is needed to exclude log4j1.x from Spark core dependency to avoid vulnerabilities -->
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>

examples/pca/pom.xml

@@ -37,6 +37,17 @@
       <artifactId>spark-sql_2.12</artifactId>
       <version>${spark.version}</version>
       <scope>provided</scope>
+      <!--This is needed to exclude log4j1.x from Spark core dependency to avoid vulnerabilities -->
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>

examples/summarizer/pom.xml

@@ -37,6 +37,17 @@
       <artifactId>spark-sql_2.12</artifactId>
       <version>${spark.version}</version>
       <!--<scope>provided</scope>-->
+      <!--This is needed to exclude log4j1.x from Spark core dependency to avoid vulnerabilities -->
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>

mllib-dal/pom.xml

@@ -69,6 +69,17 @@
             <artifactId>spark-core_2.12</artifactId>
             <version>${spark.version}</version>
             <scope>provided</scope>
+            <!--This is needed to exclude log4j1.x from Spark core dependency to avoid vulnerabilities -->
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.spark</groupId>