RE: Log4J Vulnerability

2021-12-16 Thread Pastrana, Rodrigo (RIS-BCT) 
FYI found a couple of relevant Jiras:
https://issues.apache.org/jira/browse/ZEPPELIN-5613
https://issues.apache.org/jira/browse/ZEPPELIN-3527
https://issues.apache.org/jira/browse/ZEPPELIN-5452

Unfortunately none seem to be active.

From: Pastrana, Rodrigo (RIS-BCT) 
Sent: Thursday, December 16, 2021 12:46 PM
To: users@zeppelin.apache.org
Cc: dev 
Subject: RE: Log4J Vulnerability

Thanks Markus, that confirms my understanding.
Also, I believe log4j1 is at end-of-life and susceptible to other security 
vulnerabilities which is why I’m looking forward to an official statement from 
the Zeppelin project.

From: Markus Härnvi mailto:mar...@harnvi.net>>
Sent: Thursday, December 16, 2021 12:23 PM
To: users@zeppelin.apache.org<mailto:users@zeppelin.apache.org>
Cc: dev mailto:d...@zeppelin.apache.org>>
Subject: Re: Log4J Vulnerability


*** External email: use caution ***



1.2.17 is from the old 1.0 branch and not affected by CVE-2021-44228. Versions 
1.* never had the JNDI lookup code.

It is only log4j 2 that is vulnerable. Fixed in 2.15 and an enhanced fix in 
2.16.

/Markus

On 16 Dec 2021 at 17:39:44, Jack Park 
mailto:jackp...@topicquests.org>> wrote:
The pom.xml says log4j is version 1.2.17 which, if I am not mistaken, is the 
patched version.
That's what is in github now - it says nothing (to me) about older versions in 
use.


On Thu, Dec 16, 2021 at 7:28 AM Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 wrote:
Is Zeppelin affected by the recently discovered log4j vulnerability?

I was not able to find an official announcement. Thanks.


The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.


The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.


The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.

RE: Log4J Vulnerability

2021-12-16 Thread Pastrana, Rodrigo (RIS-BCT) 
Thanks Markus, that confirms my understanding.
Also, I believe log4j1 is at end-of-life and susceptible to other security 
vulnerabilities which is why I’m looking forward to an official statement from 
the Zeppelin project.

From: Markus Härnvi 
Sent: Thursday, December 16, 2021 12:23 PM
To: users@zeppelin.apache.org
Cc: dev 
Subject: Re: Log4J Vulnerability


*** External email: use caution ***



1.2.17 is from the old 1.0 branch and not affected by CVE-2021-44228. Versions 
1.* never had the JNDI lookup code.

It is only log4j 2 that is vulnerable. Fixed in 2.15 and an enhanced fix in 
2.16.

/Markus

On 16 Dec 2021 at 17:39:44, Jack Park 
mailto:jackp...@topicquests.org>> wrote:
The pom.xml says log4j is version 1.2.17 which, if I am not mistaken, is the 
patched version.
That's what is in github now - it says nothing (to me) about older versions in 
use.


On Thu, Dec 16, 2021 at 7:28 AM Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 wrote:
Is Zeppelin affected by the recently discovered log4j vulnerability?

I was not able to find an official announcement. Thanks.


The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.


The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.

RE: Log4J Vulnerability

2021-12-16 Thread Pastrana, Rodrigo (RIS-BCT) 
Thanks Jack, I see that as well, but the concern is it seems that entry was 
added to the top-level pom 7 years ago, and I thought the recent patch was 
released in log4-core 2.15 and 2.16
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.16.0

Has Zeppelin avoided CVE-2021-44228 by virtue of targeting the older End of 
life log4j1?
If so, is there a plan to patch? Otherwise, is there an official announcement?


From: Jack Park 
Sent: Thursday, December 16, 2021 11:40 AM
To: users@zeppelin.apache.org
Cc: dev 
Subject: Re: Log4J Vulnerability


*** External email: use caution ***


The pom.xml says log4j is version 1.2.17 which, if I am not mistaken, is the 
patched version.
That's what is in github now - it says nothing (to me) about older versions in 
use.


On Thu, Dec 16, 2021 at 7:28 AM Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 wrote:
Is Zeppelin affected by the recently discovered log4j vulnerability?

I was not able to find an official announcement. Thanks.


The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.


The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.

Log4J Vulnerability

2021-12-16 Thread Pastrana, Rodrigo (RIS-BCT) 
Is Zeppelin affected by the recently discovered log4j vulnerability?

I was not able to find an official announcement. Thanks.


The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.

RE: RemoteInterpreterServer

2019-10-10 Thread Pastrana, Rodrigo (RIS-BCT) 
Yes, it’s a single node Zeppelin all interpreters run locally. It seems we just 
need to control the port range…

From: Jeff Zhang 
Sent: Thursday, October 10, 2019 11:03 AM
To: users 
Subject: Re: RemoteInterpreterServer


*** External email: use caution ***


What do you mean running zeppelin in container ? Do you run just zeppelin 
server in container or run interpreter in container as well ?

Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 于2019年10月10日周四 下午9:49写道:
We’re running zeppelin on a container which requires us to explicitly open 
ports. It seems the  RemoteInterpreterServer callback port is assigned random 
ports:

RemoteInterpreterServer Registered: CallbackInfo(host:10.240.38.39, port:44274)

Is there a configuration option we can use to constrain the ports used to a 
given range? Thanks.

Thanks.
Rodrigo Pastrana
Software Architect – HPCC Systems
LexisNexis   |   Risk Solutions
561.999.3965  Direct
rodrigo.pastr...@lexisnexisrisk.com<mailto:rodrigo.pastr...@lexisnexisrisk.com>

Follow us on 
LinkedIn<http://www.linkedin.com/groups/LexisNexis-Risk-4058071/about>, 
Twitter<http://twitter.com/lexisnexisrisk> and 
Facebook<http://www.facebook.com/LexisNexisRisk>



The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.


--
Best Regards

Jeff Zhang


The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.

RemoteInterpreterServer

2019-10-10 Thread Pastrana, Rodrigo (RIS-BCT) 
We're running zeppelin on a container which requires us to explicitly open 
ports. It seems the  RemoteInterpreterServer callback port is assigned random 
ports:

RemoteInterpreterServer Registered: CallbackInfo(host:10.240.38.39, port:44274)

Is there a configuration option we can use to constrain the ports used to a 
given range? Thanks.

Thanks.
Rodrigo Pastrana
Software Architect - HPCC Systems
LexisNexis   |   Risk Solutions
561.999.3965  Direct
rodrigo.pastr...@lexisnexisrisk.com

Follow us on 
LinkedIn, 
Twitter and 
Facebook



The information contained in this e-mail message is intended only for the 
personal and confidential use of the recipient(s) named above. This message may 
be an attorney-client communication and/or work product and as such is 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that you have received this document in error and that 
any review, dissemination, distribution, or copying of this message is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by e-mail, and delete the original message.

RE: 0.9 Zeppelin release schedule

2019-05-29 Thread Pastrana, Rodrigo (RIS-BCT) 
Jeff, it looks like there’s already a PR for something very similar, but it 
seems to have stalled: https://github.com/apache/zeppelin/pull/2891
What can we do to revive that project? Thanks.

From: Jeff Zhang 
Sent: Wednesday, May 29, 2019 2:47 AM
To: users 
Subject: Re: 0.9 Zeppelin release schedule


*** External email: use caution ***


Make sense, feel free to create a ticket for it.

Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 于2019年5月29日周三 上午2:04写道:
Jeff, we were interested in the password input for forms, but found it wasn’t 
as secure as we hoped since it stores passwords in notebooks and made them 
accessible to all users. We’re looking for a mechanism to store custom 
credentials (our users will need to provide user/pass to access our backend) 
via spark and pyspark interpreters. Storing them in plain text in the notebooks 
is not an option… Thanks.

From: Jeff Zhang mailto:zjf...@gmail.com>>
Sent: Monday, May 13, 2019 11:25 AM
To: users mailto:users@zeppelin.apache.org>>
Subject: Re: 0.9 Zeppelin release schedule


*** External email: use caution ***


We would discuss in dev mail list for the exact release date.
BTW what feature are you interested in ? And what kind of issues do you hit ?


Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 于2019年5月13日周一 下午11:14写道:
Thanks Jeff, I hope it would be this summer as well, but do you know if that’s 
an actual target by the apache team?

There are a couple of features we’re very interested in. Currently experiencing 
issues building the branch locally…
Thanks!

From: Jeff Zhang mailto:zjf...@gmail.com>>
Sent: Monday, May 13, 2019 10:59 AM
To: users mailto:users@zeppelin.apache.org>>
Subject: Re: 0.9 Zeppelin release schedule


*** External email: use caution ***


No exact release date planned, I hope it would be in this summer.



Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 于2019年5月13日周一 下午10:56写道:
Hello Zeppelin community,
Do we know when to expect 0.9 pre-built packages made available? Thanks.


 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.


--
Best Regards

Jeff Zhang

 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.


--
Best Regards

Jeff Zhang

 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.


--
Best Regards

Jeff Zhang


 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the i

RE: 0.9 Zeppelin release schedule

2019-05-28 Thread Pastrana, Rodrigo (RIS-BCT) 
Jeff, we were interested in the password input for forms, but found it wasn’t 
as secure as we hoped since it stores passwords in notebooks and made them 
accessible to all users. We’re looking for a mechanism to store custom 
credentials (our users will need to provide user/pass to access our backend) 
via spark and pyspark interpreters. Storing them in plain text in the notebooks 
is not an option… Thanks.

From: Jeff Zhang 
Sent: Monday, May 13, 2019 11:25 AM
To: users 
Subject: Re: 0.9 Zeppelin release schedule


*** External email: use caution ***


We would discuss in dev mail list for the exact release date.
BTW what feature are you interested in ? And what kind of issues do you hit ?


Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 于2019年5月13日周一 下午11:14写道:
Thanks Jeff, I hope it would be this summer as well, but do you know if that’s 
an actual target by the apache team?

There are a couple of features we’re very interested in. Currently experiencing 
issues building the branch locally…
Thanks!

From: Jeff Zhang mailto:zjf...@gmail.com>>
Sent: Monday, May 13, 2019 10:59 AM
To: users mailto:users@zeppelin.apache.org>>
Subject: Re: 0.9 Zeppelin release schedule


*** External email: use caution ***


No exact release date planned, I hope it would be in this summer.



Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 于2019年5月13日周一 下午10:56写道:
Hello Zeppelin community,
Do we know when to expect 0.9 pre-built packages made available? Thanks.


 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.


--
Best Regards

Jeff Zhang

 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.


--
Best Regards

Jeff Zhang


 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.

RE: Zeppelin 0.8.0 can not work with Spark 2.4.3

2019-05-20 Thread Pastrana, Rodrigo (RIS-BCT) 
Do we know if zeppelin 0.9.x will support spark 2.4.3 (scala 2.12)? Thanks.

From: Jeff Zhang 
Sent: Monday, May 20, 2019 5:50 AM
To: users 
Subject: Re: Zeppelin 0.8.0 can not work with Spark 2.4.3


*** External email: use caution ***


Spark 2.4.3 is built with scala 2.12 which is not supported by zeppelin 0.8.x. 
You can try to use spark 2.4.3 with scala 2.11. I am afraid you have to build 
spark 2.4.3 with scala 2.11 by yourself.


Hao Ren mailto:inv...@gmail.com>> 于2019年5月20日周一 下午5:37写道:
Hi,
I have the following errors when using spark 2.4.3.
It seems that the method has been changed in spark.
I would also like to try 0.9.0-SNAPSHOT to see if things get fixed, but I can 
not find any download link: http://archive.apache.org/dist/zeppelin/
Could you please tell me where to download it? Otherwise, I can still build the 
branch from the source.

java.lang.NoSuchMethodException: 
scala.tools.nsc.interpreter.ILoop.scala$tools$nsc$interpreter$ILoop$$loopPostInit()
 at java.lang.Class.getMethod(Class.java:1786) at 
org.apache.zeppelin.spark.BaseSparkScalaInterpreter.callMethod(BaseSparkScalaInterpreter.scala:268)
 at 
org.apache.zeppelin.spark.BaseSparkScalaInterpreter.callMethod(BaseSparkScalaInterpreter.scala:262)
 at 
org.apache.zeppelin.spark.SparkScala211Interpreter.open(SparkScala211Interpreter.scala:84)
 at 
org.apache.zeppelin.spark.NewSparkInterpreter.open(NewSparkInterpreter.java:102)
 at org.apache.zeppelin.spark.SparkInterpreter.open(SparkInterpreter.java:62) 
at 
org.apache.zeppelin.interpreter.LazyOpenInterpreter.open(LazyOpenInterpreter.java:69)
 at 
org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:617)
 at org.apache.zeppelin.scheduler.Job.run(Job.java:188) at 
org.apache.zeppelin.scheduler.FIFOScheduler$1.run(FIFOScheduler.java:140)

--
Hao Ren

Software Engineer in Machine Learning @ Criteo

Paris, France


--
Best Regards

Jeff Zhang


 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.

RE: 0.9 Zeppelin release schedule

2019-05-13 Thread Pastrana, Rodrigo (RIS-BCT) 
Thanks Jeff, I hope it would be this summer as well, but do you know if that’s 
an actual target by the apache team?

There are a couple of features we’re very interested in. Currently experiencing 
issues building the branch locally…
Thanks!

From: Jeff Zhang 
Sent: Monday, May 13, 2019 10:59 AM
To: users 
Subject: Re: 0.9 Zeppelin release schedule


*** External email: use caution ***


No exact release date planned, I hope it would be in this summer.



Pastrana, Rodrigo (RIS-BCT) 
mailto:rodrigo.pastr...@lexisnexisrisk.com>>
 于2019年5月13日周一 下午10:56写道:
Hello Zeppelin community,
Do we know when to expect 0.9 pre-built packages made available? Thanks.


 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.


--
Best Regards

Jeff Zhang


 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.

0.9 Zeppelin release schedule

2019-05-13 Thread Pastrana, Rodrigo (RIS-BCT) 
Hello Zeppelin community,
Do we know when to expect 0.9 pre-built packages made available? Thanks.



 The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.