Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-3409

workaround for jackson-mapper-asl-1.9.13.jar security vulnerability @ flume-ng

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.17.1
    • 2.18.0
    • Flume Appender
    • None

    • java 11

    Description

      Dear colleagues, 

      we are using log4j2 with flume-ng appender. 

      The below vulnerabilities are found in the dependent jackson-mapper-asl-1.9.13.jar :

      cve-2019-10202

      cve-2019-10172

      etc...

      Please advise if this will be fixed and planned ETA in case it is already fixed

      Thanks , 

      Sasha

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LOG4J2-3536 Upgrade Flume to 1.10.0

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              Sasha Kravchik alexander kravchik
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: