Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-3407

workaround for jackson-mapper-asl-1.9.13.jar @ flume-ng

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • None
    • 1.10.0
    • Build
    • None
    • java 11

    Description

      Dear colleagues, 

      we are using log4j2 with flume-ng appender. 

      The below vulnerabilities are found in the dependent jackson-mapper-asl-1.9.13.jar :

      cve-2019-10202

      cve-2019-10172

      Please advise if this will be fixed and planned ETA in case it is already fixed

      Thanks , 

      sasha

       

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            Sasha Kravchik alexander kravchik
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment