December 16, 2021
The DataRobot v7.3.1 release includes some fixed issues in the DataRobot Self-Managed AI Platform platform. See the v7.3.0 release notes for:
Issues fixed in v7.3.1¶
The following issues have been fixed since Enterprise release v7.3.0:
- ARCH-3374: MongoDB migrations now support an analyze function to estimate collections impacted for each migration, with results shown on the command line to the cluster admin prior to executing the migration. A stats command was implemented to gather the full database statistics for collection sizes.
- MODEL-7371: Fixes a bug in grid-search that required square-brackets for search.
DataRobot Response to Log4j Vulnerability & Recommended Next Steps¶
On December 10, 2021, DataRobot became aware of a vulnerability in the widely used logging library Log4j (CVE-2021-44228) for Java-based applications, which is impacting enterprise applications and cloud services around the world. In response to this vulnerability, DataRobot immediately assembled a cross-functional team to assess the scope of the vulnerability and begin implementing steps for remediation.
Security is a foundational element of an Enterprise AI Platform. We have completed a thorough investigation and currently have no indication of any successful exploitation of this vulnerability in our Managed Cloud environment. We identified remediations and deployed fixes for all of our customers on DataRobot Managed Cloud as of December 12, 2021 and DataRobot DataPrep as of December 13, 2021. If you currently do not use DataRobot Scoring Code, MLOps Monitoring Agents, or Portable Prediction Servers (PPS) with MLOps Monitoring enabled, no further action is required by you.
For customers using any of the above features, the Log4j vulnerability may continue to exist in any previously generated artifact. As general guidance, please follow the Apache Security Advisory for Log4j for mitigation. If you need further details, please review the appendix for specific mitigation steps on DataRobot artifacts to help address these risks.
Please do not hesitate to reach out to your account team or email firstname.lastname@example.org if we can assist you in any way. As always, thank you for including DataRobot as a cornerstone in your AI transformation. We will provide updates on Log4j if we have new information relevant to you. For now, we wish you the happiest of holiday seasons.
All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.