You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flume.apache.org by "Steven Barger (JIRA)" <ji...@apache.org> on 2018/07/03 17:55:00 UTC
[jira] [Created] (FLUME-3253) Vulnerability for new BlackDuck scan
for APM_Dynatrace using Apache Flume 1.8
Steven Barger created FLUME-3253:
------------------------------------
Summary: Vulnerability for new BlackDuck scan for APM_Dynatrace using Apache Flume 1.8
Key: FLUME-3253
URL: https://issues.apache.org/jira/browse/FLUME-3253
Project: Flume
Issue Type: Bug
Components: Build
Affects Versions: 1.8.0
Reporter: Steven Barger
Fix For: 2.0.0
The Splunk app APM_Dynatrace ([https://splunkbase.splunk.com/app/1593/)] uses Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected by our Black Duck scans. This is a critical application for our Splunk environment, and needs the updates for Apache Flume 1.8 and greater. The Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is only packaged with 2.8.9 version. Please update the Apache Flume with the latest Jackson-Databind update to resolve the vulnerability. This needs addressed as soon as possible in order for us to consider the Splunk app APM_Dynatrace in our prod environment and it is a critical application. This has been escalated to our Dynatrace partners and reps (Jason Freeman) and now requires Apache Flume to be updated.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@flume.apache.org
For additional commands, e-mail: issues-help@flume.apache.org