JP Morgan Chase scan shows vulnerabilities for Splunk App using Apache Flume 1.8

The Splunk app APM_Dynatrace (https://splunkbase.splunk.com/app/1593/) uses Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected by our Black Duck scans.  This is a critical application for our Splunk environment, and needs the updates for Apache Flume 1.8 and greater.  The Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is only packaged with 2.8.9 version.  Please update the Apache Flume with the latest Jackson-Databind update to resolve the vulnerability.  This needs addressed as soon as possible in order for us to consider the Splunk app APM_Dynatrace in our prod environment and it is a critical application.  This has been escalated within JP Morgan Chase to our Dynatrace partners and rep (Jason Freeman) and now requires Apache Flume to be updated.