The Splunk app APM_Dynatrace (https://splunkbase.splunk.com/app/1593/) uses Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected by our Black Duck scans. This is a critical application for our Splunk environment, and needs the updates for Apache Flume 1.8 and greater. The Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is only packaged with 2.8.9 version. Please update the Apache Flume with the latest Jackson-Databind update to resolve the vulnerability. This needs addressed as soon as possible in order for us to consider the Splunk app APM_Dynatrace in our prod environment and it is a critical application. This has been escalated within JP Morgan Chase to our Dynatrace partners and rep (Jason Freeman) and now requires Apache Flume to be updated.