You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flume.apache.org by "Steven Barger (JIRA)" <ji...@apache.org> on 2018/07/03 17:55:00 UTC
[jira] [Updated] (FLUME-3253) Vulnerability for new BlackDuck scan
for APM_Dynatrace using Apache Flume 1.8
[ https://issues.apache.org/jira/browse/FLUME-3253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steven Barger updated FLUME-3253:
---------------------------------
Description:
The Splunk app APM_Dynatrace ([https://splunkbase.splunk.com/app/1593/)] uses Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected by our Black Duck scans. This is a critical application for our Splunk environment, and needs the updates for Apache Flume 1.8 and greater. The Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is only packaged with 2.8.9 version. Please update the Apache Flume with the latest Jackson-Databind update to resolve the vulnerability. This needs addressed as soon as possible in order for us to consider the Splunk app APM_Dynatrace in our prod environment and it is a critical application. This has been escalated within JP Morgan Chase to our Dynatrace partners and rep (Jason Freeman) and now requires Apache Flume to be updated.
was:
The Splunk app APM_Dynatrace ([https://splunkbase.splunk.com/app/1593/)] uses Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected by our Black Duck scans. This is a critical application for our Splunk environment, and needs the updates for Apache Flume 1.8 and greater. The Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is only packaged with 2.8.9 version. Please update the Apache Flume with the latest Jackson-Databind update to resolve the vulnerability. This needs addressed as soon as possible in order for us to consider the Splunk app APM_Dynatrace in our prod environment and it is a critical application. This has been escalated to our Dynatrace partners and reps (Jason Freeman) and now requires Apache Flume to be updated.
> Vulnerability for new BlackDuck scan for APM_Dynatrace using Apache Flume 1.8
> -----------------------------------------------------------------------------
>
> Key: FLUME-3253
> URL: https://issues.apache.org/jira/browse/FLUME-3253
> Project: Flume
> Issue Type: Bug
> Components: Build
> Affects Versions: 1.8.0
> Reporter: Steven Barger
> Priority: Critical
> Labels: patch
> Fix For: 2.0.0
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> The Splunk app APM_Dynatrace ([https://splunkbase.splunk.com/app/1593/)] uses Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected by our Black Duck scans. This is a critical application for our Splunk environment, and needs the updates for Apache Flume 1.8 and greater. The Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is only packaged with 2.8.9 version. Please update the Apache Flume with the latest Jackson-Databind update to resolve the vulnerability. This needs addressed as soon as possible in order for us to consider the Splunk app APM_Dynatrace in our prod environment and it is a critical application. This has been escalated within JP Morgan Chase to our Dynatrace partners and rep (Jason Freeman) and now requires Apache Flume to be updated.
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@flume.apache.org
For additional commands, e-mail: issues-help@flume.apache.org