Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-3253

JP Morgan Chase scan shows vulnerabilities for Splunk App using Apache Flume 1.8

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.8.0
    • Fix Version/s: 1.9.0
    • Component/s: Build
    • Labels:
    • Flags:
      Patch, Important

      Description

      The Splunk app APM_Dynatrace (https://splunkbase.splunk.com/app/1593/) uses Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected by our Black Duck scans.  This is a critical application for our Splunk environment, and needs the updates for Apache Flume 1.8 and greater.  The Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is only packaged with 2.8.9 version.  Please update the Apache Flume with the latest Jackson-Databind update to resolve the vulnerability.  This needs addressed as soon as possible in order for us to consider the Splunk app APM_Dynatrace in our prod environment and it is a critical application.  This has been escalated within JP Morgan Chase to our Dynatrace partners and rep (Jason Freeman) and now requires Apache Flume to be updated.

       

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                turcsanyip Peter Turcsanyi
                Reporter:
                sbarger18 Steven Barger
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 168h
                  168h
                  Remaining:
                  Remaining Estimate - 168h
                  168h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified