Good for me On Tue, Dec 14, 2021 at 6:13 AM Trevor Grant <trevor.d.gr...@gmail.com> wrote:
> Love this idea, how about Tuesday evenings, starting the 21st ( a week from > tonight ) > > On Mon, Dec 13, 2021 at 7:37 PM Andrew Musselman < > andrew.mussel...@gmail.com> > wrote: > > > Thanks Trevor; may be a good time to revive our online meetings to talk > > through this one.. > > > > I could find time during the holiday break pretty much any day; if anyone > > else is interested let us know if there's a good time to chat. > > > > On Mon, Dec 13, 2021 at 4:26 PM Trevor Grant <trevor.d.gr...@gmail.com> > > wrote: > > > > > Many of you have probably become aware of Log4j's vulnerability to > > > CVE-2021-44228 recently. > > > > > > Though Mahout is a sleepy project, we are vigilant and want you to know > > we > > > are aware of the issue and have been monitoring. > > > > > > First, let me assure you that since Mahout (like over 90% of log4j > users) > > > is on version 1.x it is not vulnerable to the JDNI remote execution > > attack > > > [1]. That said, 1.x was set for EOL in 2015, so it's probably time to > > > update that. I've made a JIRA ticket (MAHOUT-2140)[2]. > > > > > > The update isn't too complex, but it's also not trivial, and most > > > importantly it's not critical so you're not endangering anything > running > > > Mahout, and we'll hopefully get it in for the next release in a couple > of > > > months. > > > > > > Hope this helps everyone feel secure going into their holiday season. > > > > > > ~Trevor > > > > > > [1] http://slf4j.org/log4shell.html > > > [2] https://issues.apache.org/jira/projects/MAHOUT/issues/MAHOUT-2140 > > > > > >
