log4j 1.2.17 in spark-core

[weiting-chen]

Describe the bug
There is a security mitigation for log4j 1.2.17 in Spark 3.1 and 3.2

To Reproduce
When running mvn test, spark will call log4j 1.2.17 as a dependency library.

Expected behavior
We should remove log4j 1.2.17 support.

Additional context
N/A

[HongW2019]

Hi @weiting-chen, about Changelog as we have talked previously , could you please help tag Gazelle branch-1.3 merged PRs and their corresponding closed issues. Merged PRs are only to be marked Release 1.3.0 in Projects item; corresponding closed issues are marked the tags with bug, feature or performance in label item, and also need to be marked Release 1.3.0 in Projects item for generating Changelog. Thanks a lot.

[weiting-chen]

Hi @weiting-chen, about Changelog as we have talked previously , could you please help tag Gazelle branch-1.3 merged PRs and their corresponding closed issues. Merged PRs are only to be marked Release 1.3.0 in Projects item; corresponding closed issues are marked the tags with bug, feature or performance in label item, and also need to be marked Release 1.3.0 in Projects item for generating Changelog. Thanks a lot.

Done to mark all the tags and Project items for branch 1.3's PR and Issues.
Please help to generate the Changlog.
Thanks.