Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
Hi

Hi ! Following recent questions, please note that ClearML Server is not affected by the Apache Log4j2 Remote Code Execution (RCE) Vulnerability (CVE-2021-44228 - ESA-2021-31) - see the official https://github.com/allegroai/clearml-server for more info 🙂

  
  
Posted 3 years ago
Votes Newest

Answers 2


Thanks. Which brings me to the question. How does ClearML deal with all the CVEs? What is your process for response?

  
  
Posted 3 years ago

Hi SubstantialElk6
We try to push a fix the same day a HIGH CVE is reported, that said since the external API interface is relatively far away from DBs / OS, and since as a rule of thumb, authorized users are trusted (basically inherit agent code execution means they have to be), it is an exception to have a CVE that affects the system. I think even this high profile one, does not actually have an effect on the system as even if ELK is susceptible (which it is not), only authorized users could actually send any data to begin with...

  
  
Posted 3 years ago
1K Views
2 Answers
3 years ago
one year ago
Tags