You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flume.apache.org by "Ralph Goers (Jira)" <ji...@apache.org> on 2022/01/31 06:17:00 UTC

[jira] [Resolved] (FLUME-3385) flume-ng-sdk uses Avro-IPC version with vulnerable version of Jetty

     [ https://issues.apache.org/jira/browse/FLUME-3385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ralph Goers resolved FLUME-3385.
--------------------------------
    Resolution: Duplicate

> flume-ng-sdk uses Avro-IPC version with vulnerable version of Jetty
> -------------------------------------------------------------------
>
>                 Key: FLUME-3385
>                 URL: https://issues.apache.org/jira/browse/FLUME-3385
>             Project: Flume
>          Issue Type: Dependency upgrade
>    Affects Versions: 1.9.0
>            Reporter: Lily Warner
>            Priority: Major
>
> Vulnerability: [https://nvd.nist.gov/vuln/detail/CVE-2011-4461]
> Need to upgrade to Avro IPC version [1.9.0|https://mvnrepository.com/artifact/org.apache.avro/avro-ipc/1.9.0] or later which does not depend on the vulnerable version of Jetty (it actually doesn't use Jetty at all)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@flume.apache.org
For additional commands, e-mail: issues-help@flume.apache.org