You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flume.apache.org by "Ralph Goers (Jira)" <ji...@apache.org> on 2022/01/31 06:17:00 UTC
[jira] [Resolved] (FLUME-3385) flume-ng-sdk uses Avro-IPC version with vulnerable version of Jetty
[ https://issues.apache.org/jira/browse/FLUME-3385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ralph Goers resolved FLUME-3385.
--------------------------------
Resolution: Duplicate
> flume-ng-sdk uses Avro-IPC version with vulnerable version of Jetty
> -------------------------------------------------------------------
>
> Key: FLUME-3385
> URL: https://issues.apache.org/jira/browse/FLUME-3385
> Project: Flume
> Issue Type: Dependency upgrade
> Affects Versions: 1.9.0
> Reporter: Lily Warner
> Priority: Major
>
> Vulnerability: [https://nvd.nist.gov/vuln/detail/CVE-2011-4461]
> Need to upgrade to Avro IPC version [1.9.0|https://mvnrepository.com/artifact/org.apache.avro/avro-ipc/1.9.0] or later which does not depend on the vulnerable version of Jetty (it actually doesn't use Jetty at all)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@flume.apache.org
For additional commands, e-mail: issues-help@flume.apache.org