You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mahout.apache.org by "Andrew Musselman (Jira)" <ji...@apache.org> on 2023/02/16 21:38:00 UTC

[jira] [Resolved] (MAHOUT-2140) Upgrade Log4j per CVE-2021-44228

     [ https://issues.apache.org/jira/browse/MAHOUT-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Musselman resolved MAHOUT-2140.
--------------------------------------
    Resolution: Won't Fix

Our version of log4j is not affected

> Upgrade Log4j per CVE-2021-44228
> --------------------------------
>
>                 Key: MAHOUT-2140
>                 URL: https://issues.apache.org/jira/browse/MAHOUT-2140
>             Project: Mahout
>          Issue Type: Bug
>            Reporter: Trevor Grant
>            Priority: Major
>
> h2. CVE-2021-44228 was a pretty big vulnerability. Since we're still on log4j 1.x the upgrade is non-trivial, but also maybe not at serious for us.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)