Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-3407

workaround for jackson-mapper-asl-1.9.13.jar @ flume-ng

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • None
    • 1.10.0
    • Build
    • None

    • java 11

    Description

      Dear colleagues, 

      we are using log4j2 with flume-ng appender. 

      The below vulnerabilities are found in the dependent jackson-mapper-asl-1.9.13.jar :

      cve-2019-10202

      cve-2019-10172

      Please advise if this will be fixed and planned ETA in case it is already fixed

      Thanks , 

      sasha

       

      Attachments

        Issue Links

          duplicates

          Task - A task that needs to be done. FLUME-3402 remove org.codehaus.jackson dependencies

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              Sasha Kravchik alexander kravchik
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: