You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flume.apache.org by "Steven Barger (JIRA)" <ji...@apache.org> on 2018/07/03 17:55:00 UTC

[jira] [Created] (FLUME-3253) Vulnerability for new BlackDuck scan for APM_Dynatrace using Apache Flume 1.8

Steven Barger created FLUME-3253:
------------------------------------

             Summary: Vulnerability for new BlackDuck scan for APM_Dynatrace using Apache Flume 1.8
                 Key: FLUME-3253
                 URL: https://issues.apache.org/jira/browse/FLUME-3253
             Project: Flume
          Issue Type: Bug
          Components: Build
    Affects Versions: 1.8.0
            Reporter: Steven Barger
             Fix For: 2.0.0


The Splunk app APM_Dynatrace ([https://splunkbase.splunk.com/app/1593/)] uses Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected by our Black Duck scans.  This is a critical application for our Splunk environment, and needs the updates for Apache Flume 1.8 and greater.  The Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is only packaged with 2.8.9 version.  Please update the Apache Flume with the latest Jackson-Databind update to resolve the vulnerability.  This needs addressed as soon as possible in order for us to consider the Splunk app APM_Dynatrace in our prod environment and it is a critical application.  This has been escalated to our Dynatrace partners and reps (Jason Freeman) and now requires Apache Flume to be updated.

 

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@flume.apache.org
For additional commands, e-mail: issues-help@flume.apache.org