You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mahout.apache.org by "Andrew Musselman (Jira)" <ji...@apache.org> on 2023/02/16 21:38:00 UTC
[jira] [Resolved] (MAHOUT-2140) Upgrade Log4j per CVE-2021-44228
[ https://issues.apache.org/jira/browse/MAHOUT-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Musselman resolved MAHOUT-2140.
--------------------------------------
Resolution: Won't Fix
Our version of log4j is not affected
> Upgrade Log4j per CVE-2021-44228
> --------------------------------
>
> Key: MAHOUT-2140
> URL: https://issues.apache.org/jira/browse/MAHOUT-2140
> Project: Mahout
> Issue Type: Bug
> Reporter: Trevor Grant
> Priority: Major
>
> h2. CVE-2021-44228 was a pretty big vulnerability. Since we're still on log4j 1.x the upgrade is non-trivial, but also maybe not at serious for us.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)