Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
The Flume Processors depend on Flume 1.10.1, which is vulnerable to CVE-2022-42468.
Although trigger the vulnerability requires a Flume configuration that includes the JMS Source with an unsafe provider URL, the dependency should be upgraded to 1.11.0 in order to mitigate potential configuration issues.
Attachments
Issue Links
- links to