On 2 (log4j) iirc, we didn't since the vulnerability only affects log4j 2.x and we're on 1.x
tg On Thu, Feb 16, 2023 at 1:42 PM Andrew Musselman <a...@apache.org> wrote: > Looking through our log I see some small improvements along with a new > version of ridge regression that haven't made it into a release. > > Along with that there are several tickets that would be good to get done > and into a release, including: > > Build failed on AArch64, Fedora 33: > https://issues.apache.org/jira/browse/MAHOUT-2139 (need a repro) > Update log4j: https://issues.apache.org/jira/browse/MAHOUT-2140 (need to > decide whether this is necessary) > Web site check: https://issues.apache.org/jira/browse/MAHOUT-2152 > Download page improvements: > https://issues.apache.org/jira/browse/MAHOUT-2153 > Update NOTICE: https://issues.apache.org/jira/browse/MAHOUT-2154 > and > Migrate off Travis: https://issues.apache.org/jira/browse/MAHOUT-2149 > which > is required now to roll a release out > > We have our community call next Wednesday where we can talk these issues > through but in the meantime please feel free to grab something and get it > going. > > Thanks! > > Best > Andrew >