This is an automated email from the ASF dual-hosted git repository.

rgoers pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/flume-site.git


The following commit(s) were added to refs/heads/asf-staging by this push:
     new 76281ab  Update site for 1.10.0
76281ab is described below

commit 76281ab623d2c75a8914dbda44906933f28b9058
Author: Ralph Goers <[email protected]>
AuthorDate: Mon Jun 13 13:05:04 2022 -0700

    Update site for 1.10.0
---
 content/.doctrees/FlumeUserGuide.doctree           | Bin 2954795 -> 2953674 
bytes
 content/.doctrees/environment.pickle               | Bin 194635 -> 196124 bytes
 content/.doctrees/index.doctree                    | Bin 206422 -> 208062 bytes
 content/.doctrees/security.doctree                 | Bin 0 -> 19591 bytes
 content/FlumeDeveloperGuide.html                   |   1 +
 content/FlumeUserGuide.html                        |  23 ++++----
 content/_sources/FlumeUserGuide.txt                |  20 +++----
 content/_sources/index.txt                         |   6 +-
 content/_sources/security.txt                      |  43 ++++++++++++++
 content/documentation.html                         |   3 +-
 content/download.html                              |   3 +-
 content/getinvolved.html                           |   1 +
 content/index.html                                 |   5 +-
 content/license.html                               |   1 +
 content/mailinglists.html                          |   1 +
 content/releases/1.0.0.html                        |   1 +
 content/releases/1.1.0.html                        |   1 +
 content/releases/1.10.0.html                       |   1 +
 content/releases/1.2.0.html                        |   1 +
 content/releases/1.3.0.html                        |   1 +
 content/releases/1.3.1.html                        |   1 +
 content/releases/1.4.0.html                        |   1 +
 content/releases/1.5.0.1.html                      |   1 +
 content/releases/1.5.0.html                        |   1 +
 content/releases/1.5.2.html                        |   1 +
 content/releases/1.6.0.html                        |   1 +
 content/releases/1.7.0.html                        |   1 +
 content/releases/1.8.0.html                        |   1 +
 content/releases/1.9.0.html                        |   1 +
 .../content/1.10.0/FlumeDeveloperGuide.html        |   1 +
 .../releases/content/1.10.0/FlumeUserGuide.html    |  23 ++++----
 content/releases/index.html                        |   1 +
 content/search.html                                |   1 +
 content/searchindex.js                             |   2 +-
 content/{mailinglists.html => security.html}       |  64 ++++++++++-----------
 content/source.html                                |   1 +
 content/team.html                                  |   1 +
 content/testing.html                               |   1 +
 source/sphinx/FlumeUserGuide.rst                   |  20 +++----
 source/sphinx/index.rst                            |   6 +-
 source/sphinx/security.rst                         |  43 ++++++++++++++
 41 files changed, 201 insertions(+), 84 deletions(-)

diff --git a/content/.doctrees/FlumeUserGuide.doctree 
b/content/.doctrees/FlumeUserGuide.doctree
index e46721d..18abb97 100644
Binary files a/content/.doctrees/FlumeUserGuide.doctree and 
b/content/.doctrees/FlumeUserGuide.doctree differ
diff --git a/content/.doctrees/environment.pickle 
b/content/.doctrees/environment.pickle
index 8817c17..4dd6c98 100644
Binary files a/content/.doctrees/environment.pickle and 
b/content/.doctrees/environment.pickle differ
diff --git a/content/.doctrees/index.doctree b/content/.doctrees/index.doctree
index 9775ac2..189406b 100644
Binary files a/content/.doctrees/index.doctree and 
b/content/.doctrees/index.doctree differ
diff --git a/content/.doctrees/security.doctree 
b/content/.doctrees/security.doctree
new file mode 100644
index 0000000..51dde75
Binary files /dev/null and b/content/.doctrees/security.doctree differ
diff --git a/content/FlumeDeveloperGuide.html b/content/FlumeDeveloperGuide.html
index e3d6b28..fee705d 100644
--- a/content/FlumeDeveloperGuide.html
+++ b/content/FlumeDeveloperGuide.html
@@ -993,6 +993,7 @@ sent to the Source, presumably after the event has be 
modified in some way.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/FlumeUserGuide.html b/content/FlumeUserGuide.html
index 1a094b5..b137fce 100644
--- a/content/FlumeUserGuide.html
+++ b/content/FlumeUserGuide.html
@@ -221,12 +221,11 @@ that buffers event data in memory, and a sink that logs 
event data to the consol
 various components, then describes their types and configuration parameters. A 
given configuration file might define
 several named agents; when a given Flume process is launched a flag is passed 
telling it which named agent to manifest.</p>
 <p>Given this configuration file, we can start Flume as follows:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 -Dflume.root.logger=INFO,console
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1
 </pre></div>
 </div>
 <p>Note that in a full deployment we would typically include one more option: 
<tt class="docutils literal"><span 
class="pre">--conf=&lt;conf-dir&gt;</span></tt>.
-The <tt class="docutils literal"><span 
class="pre">&lt;conf-dir&gt;</span></tt> directory would include a shell script 
<em>flume-env.sh</em> and potentially a log4j properties file.
-In this example, we pass a Java option to force Flume to log to the console 
and we go without a custom environment script.</p>
+The <tt class="docutils literal"><span 
class="pre">&lt;conf-dir&gt;</span></tt> directory would include a shell script 
<em>flume-env.sh</em> and potentially a log4j configuration file.</p>
 <p>From a separate terminal, we can then telnet port 44444 and send Flume an 
event:</p>
 <div class="highlight-properties"><pre>$ telnet localhost 44444
 Trying 127.0.0.1...
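Review bot: With `-Dflume.root.logger=INFO,console` dropped from the command and the sentence "we pass a Java option to force Flume to log to the console" deleted, this quick-start paragraph no longer tells the reader where the agent's output appears, although the next step has them send an event from a second terminal. Add a sentence after "potentially a log4j configuration file" saying where log output goes by default, and keep the statement that the example runs without a custom flume-env.sh if that still holds.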
@@ -265,7 +264,7 @@ be configured using its own &#8211;conf-file or 
&#8211;conf-uri option. However,
 with &#8211;conf-file or with &#8211;conf-uri. If &#8211;conf-file and 
&#8211;conf-uri appear together as options all &#8211;conf-uri
 configurations will be processed before any of the &#8211;conf-file 
configurations are merged.</p>
 <p>For example, a configuration of:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --conf-uri http://localhost:80/flume.conf 
--conf-uri http://localhost:80/override.conf --name a1 
-Dflume.root.logger=INFO,console
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --conf-uri http://localhost:80/flume.conf 
--conf-uri http://localhost:80/override.conf --name a1
 </pre></div>
 </div>
 <p>will cause flume.conf to be read first, override.conf to be merged with it 
and finally example.conf would be
@@ -294,7 +293,7 @@ class using the default set of Lookups along with a lookup 
that uses the configu
 source for replacement values.</p>
 <dl class="docutils">
 <dt>For example::</dt>
-<dd>$ NC_PORT=44444 bin/flume-ng agent &#8211;conf conf &#8211;conf-file 
example.conf &#8211;name a1 -Dflume.root.logger=INFO,console</dd>
+<dd>$ NC_PORT=44444 bin/flume-ng agent &#8211;conf conf &#8211;conf-file 
example.conf &#8211;name a1</dd>
 </dl>
 <p>Note the above is just an example, environment variables can be configured 
in other ways, including being set in <cite>conf/flume-env.sh</cite>.</p>
 <p>As noted, system properties are also supported, so the configuration:</p>
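Review bot: The example after "For example::" is not rendered as a literal block: the generated markup here is `<dt>For example::</dt>` followed by a `<dd>`, and every `--` option has become an en dash (`&#8211;conf`), so the command cannot be copied and pasted. In the reStructuredText source the indented command follows "For example::" with no blank line in between; insert a blank line there and regenerate the HTML.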
@@ -306,7 +305,7 @@ a1.sources.r1.channels = c1
 </pre></div>
 </div>
 <p>could be used and the startup command could be:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 -Dflume.root.logger=INFO,console 
-DNC_PORT=44444
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 -DNC_PORT=44444
 </pre></div>
 </div>
 <p>Furthermore, because multiple configuration files are allowed the first 
file could contain:</p>
@@ -322,7 +321,7 @@ a1.sources.r1.channels = c1
 </pre></div>
 </div>
 <p>In this case the startup command could be:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --conf-file override.conf --name a1 
-Dflume.root.logger=INFO,console
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --conf-file override.conf --name a1
 </pre></div>
 </div>
 <p>Note that the method for specifying environment variables as was done in 
prior versions will stil work
@@ -357,9 +356,8 @@ setting this in the <tt class="docutils literal"><span 
class="pre">JAVA_OPTS</sp
 <p>To enable data logging, set the Java system property <tt class="docutils 
literal"><span class="pre">-Dorg.apache.flume.log.rawdata=true</span></tt>
 in the same way described above. For most components, the log4j logging level 
must also be set to
 DEBUG or TRACE to make event-specific logging appear in the Flume logs.</p>
-<p>Here is an example of enabling both configuration logging and raw data 
logging while also
-setting the Log4j loglevel to DEBUG for console output:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 
-Dflume.root.logger=DEBUG,console -Dorg.apache.flume.log.printconfig=true 
-Dorg.apache.flume.log.rawdata=true
+<p>Here is an example of enabling both configuration logging and raw data 
logging:</p>
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 
-Dorg.apache.flume.log.printconfig=true -Dorg.apache.flume.log.rawdata=true
 </pre></div>
 </div>
 </div>
@@ -374,7 +372,7 @@ Following is how the Zookeeper Node tree would look like 
for agents a1 and a2</p
 </div>
 <p>Once the configuration file is uploaded, start the agent with following 
options</p>
 <blockquote>
-<div>$ bin/flume-ng agent &#8211;conf conf -z zkhost:2181,zkhost1:2181 -p 
/flume &#8211;name a1 -Dflume.root.logger=INFO,console</div></blockquote>
+<div>$ bin/flume-ng agent &#8211;conf conf -z zkhost:2181,zkhost1:2181 -p 
/flume &#8211;name a1</div></blockquote>
 <table border="1" class="docutils">
 <colgroup>
 <col width="17%" />
@@ -7679,7 +7677,7 @@ source code of the components.</p>
 <div class="section" id="sinks-1">
 <h4>Sinks 1<a class="headerlink" href="#sinks-1" title="Permalink to this 
headline">¶</a></h4>
 <div class="system-message">
-<p class="system-message-title">System Message: ERROR/3 (<tt 
class="docutils">/Users/rgoers/projects/apache/flume/flume-site/source/sphinx/FlumeUserGuide.rst</tt>,
 line 5070)</p>
+<p class="system-message-title">System Message: ERROR/3 (<tt 
class="docutils">/Users/rgoers/projects/apache/flume/flume-site/source/sphinx/FlumeUserGuide.rst</tt>,
 line 5068)</p>
 <p>Malformed table.</p>
 <div class="highlight-none"><div 
class="highlight"><pre>+------------------------+-------------+------------+-------+--------+
 |                        | Avro/Thrift | AsyncHBase | HBase | HBase2 |
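Review bot: This page still ships a Sphinx build error: the "System Message: ERROR/3 ... Malformed table." block under "Sinks 1" is published as page content, and it exposes the committer's local build path (/Users/rgoers/projects/apache/flume/flume-site/source/sphinx/FlumeUserGuide.rst). The hunk only moves the reported line number from 5070 to 5068; fix the malformed table at that line of FlumeUserGuide.rst so the message disappears from the generated site.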
@@ -8666,6 +8664,7 @@ can be leveraged to move the Flume agent to another 
host.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/_sources/FlumeUserGuide.txt 
b/content/_sources/FlumeUserGuide.txt
index 7d7b3fd..dc5b2b7 100644
--- a/content/_sources/FlumeUserGuide.txt
+++ b/content/_sources/FlumeUserGuide.txt
@@ -197,11 +197,10 @@ several named agents; when a given Flume process is 
launched a flag is passed te
 
 Given this configuration file, we can start Flume as follows::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-Dflume.root.logger=INFO,console
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1
 
 Note that in a full deployment we would typically include one more option: 
``--conf=<conf-dir>``.
-The ``<conf-dir>`` directory would include a shell script *flume-env.sh* and 
potentially a log4j properties file.
-In this example, we pass a Java option to force Flume to log to the console 
and we go without a custom environment script.
+The ``<conf-dir>`` directory would include a shell script *flume-env.sh* and 
potentially a log4j configuration file.
 
 From a separate terminal, we can then telnet port 44444 and send Flume an 
event:
 
@@ -249,7 +248,7 @@ configurations will be processed before any of the 
--conf-file configurations ar
 
 For example, a configuration of::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --conf-uri 
http://localhost:80/flume.conf --conf-uri http://localhost:80/override.conf 
--name a1 -Dflume.root.logger=INFO,console
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --conf-uri 
http://localhost:80/flume.conf --conf-uri http://localhost:80/override.conf 
--name a1
 
 will cause flume.conf to be read first, override.conf to be merged with it and 
finally example.conf would be
 merged last. If it is desirec to have example.conf be the base configuration 
it should be specified using the
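Review bot: Typo in the context line following the changed command: "If it is desirec to have example.conf be the base configuration" should read "desired". Worth fixing while this paragraph is open.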
@@ -278,7 +277,7 @@ class using the default set of Lookups along with a lookup 
that uses the configu
 source for replacement values.
 
 For example::
-  $ NC_PORT=44444 bin/flume-ng agent --conf conf --conf-file example.conf 
--name a1 -Dflume.root.logger=INFO,console
+  $ NC_PORT=44444 bin/flume-ng agent --conf conf --conf-file example.conf 
--name a1
 
 Note the above is just an example, environment variables can be configured in 
other ways, including being set in `conf/flume-env.sh`.
 
@@ -292,7 +291,7 @@ As noted, system properties are also supported, so the 
configuration::
 
 could be used and the startup command could be::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-Dflume.root.logger=INFO,console -DNC_PORT=44444
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-DNC_PORT=44444
 
 Furthermore, because multiple configuration files are allowed the first file 
could contain::
 
@@ -308,7 +307,7 @@ and the override file could contain::
 
 In this case the startup command could be::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --conf-file 
override.conf --name a1 -Dflume.root.logger=INFO,console
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --conf-file 
override.conf --name a1
 
 Note that the method for specifying environment variables as was done in prior 
versions will stil work
 but has been deprecated in favor of using ${env:varName}.
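Review bot: Typo in the sentence after the changed command: "will stil work" should be "will still work".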
@@ -348,10 +347,9 @@ To enable data logging, set the Java system property 
``-Dorg.apache.flume.log.ra
 in the same way described above. For most components, the log4j logging level 
must also be set to
 DEBUG or TRACE to make event-specific logging appear in the Flume logs.
 
-Here is an example of enabling both configuration logging and raw data logging 
while also
-setting the Log4j loglevel to DEBUG for console output::
+Here is an example of enabling both configuration logging and raw data 
logging::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-Dflume.root.logger=DEBUG,console -Dorg.apache.flume.log.printconfig=true 
-Dorg.apache.flume.log.rawdata=true
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-Dorg.apache.flume.log.printconfig=true -Dorg.apache.flume.log.rawdata=true
 
 
 Zookeeper based Configuration
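Review bot: After this change the example no longer sets a log level, but the paragraph just above still says that for most components the log4j level "must also be set to DEBUG or TRACE" for event-specific logging to appear, so the command as shown turns on `-Dorg.apache.flume.log.rawdata=true` without the level it depends on. Either say how to raise the level now that `-Dflume.root.logger=DEBUG,console` is gone, or state that the example assumes the log4j configuration is already at DEBUG.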
@@ -369,7 +367,7 @@ Following is how the Zookeeper Node tree would look like 
for agents a1 and a2
 
 Once the configuration file is uploaded, start the agent with following options
 
-  $ bin/flume-ng agent --conf conf -z zkhost:2181,zkhost1:2181 -p /flume 
--name a1 -Dflume.root.logger=INFO,console
+  $ bin/flume-ng agent --conf conf -z zkhost:2181,zkhost1:2181 -p /flume 
--name a1
 
 ==================   ================  
=========================================================================
 Argument Name        Default           Description
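Review bot: The sentence "Once the configuration file is uploaded, start the agent with following options" does not end in `::`, so the command below it is an indented block quote rather than a literal block; the generated HTML for this spot shows `<blockquote>` and `&#8211;conf` in place of `--conf`. Since the command line is being edited anyway, end the sentence with `::` so the options render verbatim.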
diff --git a/content/_sources/index.txt b/content/_sources/index.txt
index a750734..b5a92b7 100644
--- a/content/_sources/index.txt
+++ b/content/_sources/index.txt
@@ -33,7 +33,7 @@ application.
 
 .. raw:: html
 
-   <h3>June 5, 2022 - Apache Flume 1.10.0 Released</h3>
+   <h3>June 13, 2022 - Apache Flume 1.10.0 Released</h3>
 
 The Apache Flume team is pleased to announce the release of Flume 1.10.0.
 
@@ -43,6 +43,9 @@ collecting, aggregating, and moving large amounts of 
streaming event data.
 Flume 1.10.0 is stable, production-ready software, and is backwards-compatible 
with
 previous versions of the Flume 1.x codeline.
 
+Flume 1.10.0 contains a fix for `CVE-2022-25167 
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25167>`__.
+See the `Flume Security <./security.html>`__ page for more details.
+
 This version of Flume upgrades many dependencies, resolving the CVEs 
associated with them.
 Enhancements included in this release include the addition of a 
LoadBalancingChannelSelector,
 the ability to retrieve the Flume configuration from a remote source such as a 
Spring
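Review bot: The added news paragraph names CVE-2022-25167 but not what it affects. The new security page in this same commit has the details (JMSSource, Flume 1.4.0 through 1.9.0); repeating those two facts here lets readers of the announcement tell at once whether they need to act.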
@@ -575,6 +578,7 @@ Feel free to post to the User's mailing list with any 
questions.
 
    getinvolved
    download
+   security
    documentation
    releases/index
    mailinglists
diff --git a/content/_sources/security.txt b/content/_sources/security.txt
new file mode 100644
index 0000000..eef07a2
--- /dev/null
+++ b/content/_sources/security.txt
@@ -0,0 +1,43 @@
+=====================================
+Apache Flume Security Vulnerabilities
+=====================================
+
+This page lists all the security vulnerabilities fixed in released versions of 
Apache Flume. Each vulnerability is given a security impact rating by the 
Apache Flume security team. Note that this rating may vary from platform to 
platform. We also list the versions of Apache Flume the flaw is known to 
affect, and where a flaw has not been verified list the version with a question 
mark.
+
+Binary patches are never provided. If you need to apply a source code patch, 
use the building instructions for the Apache Flume version that you are using.
+
+If you need help on building or configuring Flume or other help on following 
the instructions to mitigate the known vulnerabilities listed here, please 
subscribe to, and send your questions to the public Flume Users mailing list.
+
+If you have encountered an unlisted security vulnerability or other unexpected 
behaviour that has security impact, or if the descriptions here are incomplete, 
please report them privately to the `Flume SecurityTeam 
<mailto:[email protected]>`__. Thank you!
+
+.. rubric:: Fixed in Flume 1.10.0
+
+`CVE-2022-25167 
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25167>`__: Apache 
Flume vulnerable to a JNDI RCE in JMSSource.
+
++------------------------------------------------------------------------------------+--------------------------------------------------------------------------+
+| `CVE-2022-25167 
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25167>`__ | 
Deserialization of Untrusted Data                                        |
++====================================================================================+==========================================================================+
+| Severity                                                                     
      | Moderate                                                                
 |
++------------------------------------------------------------------------------------+--------------------------------------------------------------------------+
+| Base CVSS SCore                                                              
      | 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)                               
 |
++------------------------------------------------------------------------------------+--------------------------------------------------------------------------+
+| Versions Affected                                                            
      | Flume 1.4.0 through 1.9.0                                               
 |
++------------------------------------------------------------------------------------+--------------------------------------------------------------------------+
+
+.. rubric:: Description
+
+Flume's JMSSource class can be configured with a connection factory name. A 
JNDI lookup is performed on this name without performing an validation. This 
could result in untrusted data being deserialized.
+
+.. rubric:: Mitigation
+
+Upgrade to Flume 1.10.0.
+
+In releases 1.4.0 through 1.9.0 the JMSSource should not be used.
+
+.. rubric:: Release Details
+
+In release 1.10.0, if a protocol is specified in the connection factory 
parameter only the java protocol will be allowed. If no protocol is specified 
it will also be allowed.
+
+.. rubric:: Credit
+
+This issue was found by the Flume development team.
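Review bot: Two typos in the new page: "without performing an validation" in the Description should read "any validation", and the table row "Base CVSS SCore" should be "Base CVSS Score". In Release Details, "If no protocol is specified it will also be allowed" leaves "it" unclear; wording such as "a connection factory name with no protocol is also allowed" says what is meant. The one-line summary calls the issue a "JNDI RCE" while the table rates it Moderate under "Deserialization of Untrusted Data"; one sentence on the preconditions (the vector lists AC:H and PR:H) would reconcile the two for readers deciding how urgently to upgrade.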
diff --git a/content/documentation.html b/content/documentation.html
index 8981d7e..86d2d2c 100644
--- a/content/documentation.html
+++ b/content/documentation.html
@@ -26,7 +26,7 @@
     <script type="text/javascript" src="_static/doctools.js"></script>
     <link rel="top" title="Apache Flume" href="index.html" />
     <link rel="next" title="Flume 1.10.0 User Guide" 
href="FlumeUserGuide.html" />
-    <link rel="prev" title="Download" href="download.html" /> 
+    <link rel="prev" title="Apache Flume Security Vulnerabilities" 
href="security.html" /> 
   </head>
   <body>
 <div class="header">
@@ -86,6 +86,7 @@ been released.</p>
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1 current"><a class="current reference internal" 
href="">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/download.html b/content/download.html
index 7843dbd..723e331 100644
--- a/content/download.html
+++ b/content/download.html
@@ -25,7 +25,7 @@
     <script type="text/javascript" src="_static/underscore.js"></script>
     <script type="text/javascript" src="_static/doctools.js"></script>
     <link rel="top" title="Apache Flume" href="index.html" />
-    <link rel="next" title="Documentation" href="documentation.html" />
+    <link rel="next" title="Apache Flume Security Vulnerabilities" 
href="security.html" />
     <link rel="prev" title="How to Get Involved" href="getinvolved.html" /> 
   </head>
   <body>
@@ -112,6 +112,7 @@ Unix distributions for this purpose.</p>
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1 current"><a class="current reference internal" 
href="">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/getinvolved.html b/content/getinvolved.html
index 4816b17..388f639 100644
--- a/content/getinvolved.html
+++ b/content/getinvolved.html
@@ -81,6 +81,7 @@ you find at: <a class="reference external" 
href="https://issues.apache.org/jira/
 <ul class="current">
 <li class="toctree-l1 current"><a class="current reference internal" 
href="">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/index.html b/content/index.html
index 3e22e33..5d28eee 100644
--- a/content/index.html
+++ b/content/index.html
@@ -71,11 +71,13 @@ application.</p>
 <img alt="Agent component diagram" src="_images/DevGuide_image00.png" />
 </div>
 <p class="rubric">News</p>
-<h3>June 5, 2022 - Apache Flume 1.10.0 Released</h3><p>The Apache Flume team 
is pleased to announce the release of Flume 1.10.0.</p>
+<h3>June 13, 2022 - Apache Flume 1.10.0 Released</h3><p>The Apache Flume team 
is pleased to announce the release of Flume 1.10.0.</p>
 <p>Flume is a distributed, reliable, and available service for efficiently
 collecting, aggregating, and moving large amounts of streaming event data.</p>
 <p>Flume 1.10.0 is stable, production-ready software, and is 
backwards-compatible with
 previous versions of the Flume 1.x codeline.</p>
+<p>Flume 1.10.0 contains a fix for <a class="reference external" 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25167";>CVE-2022-25167</a>.
+See the <a class="reference external" href="./security.html">Flume 
Security</a> page for more details.</p>
 <p>This version of Flume upgrades many dependencies, resolving the CVEs 
associated with them.
 Enhancements included in this release include the addition of a 
LoadBalancingChannelSelector,
 the ability to retrieve the Flume configuration from a remote source such as a 
Spring
@@ -493,6 +495,7 @@ Feel free to post to the User&#8217;s mailing list with any 
questions.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/license.html b/content/license.html
index 79a6135..d133b88 100644
--- a/content/license.html
+++ b/content/license.html
@@ -164,6 +164,7 @@ accepting any such warranty or additional liability.</p>
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/mailinglists.html b/content/mailinglists.html
index ed28568..11d65a9 100644
--- a/content/mailinglists.html
+++ b/content/mailinglists.html
@@ -110,6 +110,7 @@
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1 current"><a class="current reference internal" 
href="">Mailing lists</a></li>
diff --git a/content/releases/1.0.0.html b/content/releases/1.0.0.html
index e172764..9ed29d0 100644
--- a/content/releases/1.0.0.html
+++ b/content/releases/1.0.0.html
@@ -279,6 +279,7 @@ Incubator, and is labelled and should be considered as a 
beta version.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.1.0.html b/content/releases/1.1.0.html
index 7f4e797..df130a8 100644
--- a/content/releases/1.1.0.html
+++ b/content/releases/1.1.0.html
@@ -165,6 +165,7 @@ it is likely to change until a stable release version.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.10.0.html b/content/releases/1.10.0.html
index 073f475..7ca3c58 100644
--- a/content/releases/1.10.0.html
+++ b/content/releases/1.10.0.html
@@ -149,6 +149,7 @@
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.2.0.html b/content/releases/1.2.0.html
index 9c6424d..9761c39 100644
--- a/content/releases/1.2.0.html
+++ b/content/releases/1.2.0.html
@@ -286,6 +286,7 @@ and functionality along with bug fixes and other 
enhancements.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.3.0.html b/content/releases/1.3.0.html
index 4c9211f..bd935b2 100644
--- a/content/releases/1.3.0.html
+++ b/content/releases/1.3.0.html
@@ -271,6 +271,7 @@ enhancements.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.3.1.html b/content/releases/1.3.1.html
index 9df2dcf..b73a691 100644
--- a/content/releases/1.3.1.html
+++ b/content/releases/1.3.1.html
@@ -108,6 +108,7 @@ several bug fixes and performance enhancements.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.4.0.html b/content/releases/1.4.0.html
index 4704145..090842c 100644
--- a/content/releases/1.4.0.html
+++ b/content/releases/1.4.0.html
@@ -293,6 +293,7 @@
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.5.0.1.html b/content/releases/1.5.0.1.html
index b486b0a..c69829e 100644
--- a/content/releases/1.5.0.1.html
+++ b/content/releases/1.5.0.1.html
@@ -93,6 +93,7 @@
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.5.0.html b/content/releases/1.5.0.html
index 470155e..20b4329 100644
--- a/content/releases/1.5.0.html
+++ b/content/releases/1.5.0.html
@@ -225,6 +225,7 @@
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.5.2.html b/content/releases/1.5.2.html
index 7c47eb8..9d2af11 100644
--- a/content/releases/1.5.2.html
+++ b/content/releases/1.5.2.html
@@ -98,6 +98,7 @@ sources and sinks.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.6.0.html b/content/releases/1.6.0.html
index cfba4ad..3902f87 100644
--- a/content/releases/1.6.0.html
+++ b/content/releases/1.6.0.html
@@ -223,6 +223,7 @@
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.7.0.html b/content/releases/1.7.0.html
index 4cac1e5..bd82f1e 100644
--- a/content/releases/1.7.0.html
+++ b/content/releases/1.7.0.html
@@ -211,6 +211,7 @@
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.8.0.html b/content/releases/1.8.0.html
index e2daebd..53dba5e 100644
--- a/content/releases/1.8.0.html
+++ b/content/releases/1.8.0.html
@@ -164,6 +164,7 @@
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/1.9.0.html b/content/releases/1.9.0.html
index ee03779..3b112f2 100644
--- a/content/releases/1.9.0.html
+++ b/content/releases/1.9.0.html
@@ -182,6 +182,7 @@
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/content/1.10.0/FlumeDeveloperGuide.html 
b/content/releases/content/1.10.0/FlumeDeveloperGuide.html
index e3d6b28..fee705d 100644
--- a/content/releases/content/1.10.0/FlumeDeveloperGuide.html
+++ b/content/releases/content/1.10.0/FlumeDeveloperGuide.html
@@ -993,6 +993,7 @@ sent to the Source, presumably after the event has be 
modified in some way.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/content/1.10.0/FlumeUserGuide.html 
b/content/releases/content/1.10.0/FlumeUserGuide.html
index 1a094b5..b137fce 100644
--- a/content/releases/content/1.10.0/FlumeUserGuide.html
+++ b/content/releases/content/1.10.0/FlumeUserGuide.html
@@ -221,12 +221,11 @@ that buffers event data in memory, and a sink that logs 
event data to the consol
 various components, then describes their types and configuration parameters. A 
given configuration file might define
 several named agents; when a given Flume process is launched a flag is passed 
telling it which named agent to manifest.</p>
 <p>Given this configuration file, we can start Flume as follows:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 -Dflume.root.logger=INFO,console
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1
 </pre></div>
 </div>
 <p>Note that in a full deployment we would typically include one more option: 
<tt class="docutils literal"><span 
class="pre">--conf=&lt;conf-dir&gt;</span></tt>.
-The <tt class="docutils literal"><span 
class="pre">&lt;conf-dir&gt;</span></tt> directory would include a shell script 
<em>flume-env.sh</em> and potentially a log4j properties file.
-In this example, we pass a Java option to force Flume to log to the console 
and we go without a custom environment script.</p>
+The <tt class="docutils literal"><span 
class="pre">&lt;conf-dir&gt;</span></tt> directory would include a shell script 
<em>flume-env.sh</em> and potentially a log4j configuration file.</p>
 <p>From a separate terminal, we can then telnet port 44444 and send Flume an 
event:</p>
 <div class="highlight-properties"><pre>$ telnet localhost 44444
 Trying 127.0.0.1...
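Review bot: Removing `-Dflume.root.logger=INFO,console` from the start command also removes the only sentence that said where the agent's output goes, so a reader following this walkthrough is no longer told whether Flume logs to the console or to a file. The paragraph now ends at "potentially a log4j configuration file"; add a sentence stating where log output appears with the shipped configuration and how to send it to the console, since the example agent introduced just above uses a sink that logs event data to the console.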
@@ -265,7 +264,7 @@ be configured using its own &#8211;conf-file or 
&#8211;conf-uri option. However,
 with &#8211;conf-file or with &#8211;conf-uri. If &#8211;conf-file and 
&#8211;conf-uri appear together as options all &#8211;conf-uri
 configurations will be processed before any of the &#8211;conf-file 
configurations are merged.</p>
 <p>For example, a configuration of:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --conf-uri http://localhost:80/flume.conf 
--conf-uri http://localhost:80/override.conf --name a1 
-Dflume.root.logger=INFO,console
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --conf-uri http://localhost:80/flume.conf 
--conf-uri http://localhost:80/override.conf --name a1
 </pre></div>
 </div>
 <p>will cause flume.conf to be read first, override.conf to be merged with it 
and finally example.conf would be
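Review bot: The `--conf-uri http://localhost:80/flume.conf` example on the edited line still loads agent configuration over plain HTTP. Because whatever is fetched from these URIs is merged into the running configuration, consider showing an `https://` URI here, or add a sentence that remote configuration should be fetched over an authenticated, integrity-protected channel.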
@@ -294,7 +293,7 @@ class using the default set of Lookups along with a lookup 
that uses the configu
 source for replacement values.</p>
 <dl class="docutils">
 <dt>For example::</dt>
-<dd>$ NC_PORT=44444 bin/flume-ng agent &#8211;conf conf &#8211;conf-file 
example.conf &#8211;name a1 -Dflume.root.logger=INFO,console</dd>
+<dd>$ NC_PORT=44444 bin/flume-ng agent &#8211;conf conf &#8211;conf-file 
example.conf &#8211;name a1</dd>
 </dl>
 <p>Note the above is just an example, environment variables can be configured 
in other ways, including being set in <cite>conf/flume-env.sh</cite>.</p>
 <p>As noted, system properties are also supported, so the configuration:</p>
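Review bot: The command in the `<dd>` renders `--conf`, `--conf-file` and `--name` with en-dashes (`&#8211;conf`), and the `<dt>` shows a literal `For example::`, so this was parsed as a definition list rather than a literal block and the command cannot be copied and run as shown. The fix belongs in FlumeUserGuide.rst, where `For example::` is followed directly by the indented command: put a blank line between them so the command is emitted as a `<pre>` block like the other start commands.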
@@ -306,7 +305,7 @@ a1.sources.r1.channels = c1
 </pre></div>
 </div>
 <p>could be used and the startup command could be:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 -Dflume.root.logger=INFO,console 
-DNC_PORT=44444
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 -DNC_PORT=44444
 </pre></div>
 </div>
 <p>Furthermore, because multiple configuration files are allowed the first 
file could contain:</p>
@@ -322,7 +321,7 @@ a1.sources.r1.channels = c1
 </pre></div>
 </div>
 <p>In this case the startup command could be:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --conf-file override.conf --name a1 
-Dflume.root.logger=INFO,console
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --conf-file override.conf --name a1
 </pre></div>
 </div>
 <p>Note that the method for specifying environment variables as was done in 
prior versions will stil work
@@ -357,9 +356,8 @@ setting this in the <tt class="docutils literal"><span 
class="pre">JAVA_OPTS</sp
 <p>To enable data logging, set the Java system property <tt class="docutils 
literal"><span class="pre">-Dorg.apache.flume.log.rawdata=true</span></tt>
 in the same way described above. For most components, the log4j logging level 
must also be set to
 DEBUG or TRACE to make event-specific logging appear in the Flume logs.</p>
-<p>Here is an example of enabling both configuration logging and raw data 
logging while also
-setting the Log4j loglevel to DEBUG for console output:</p>
-<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 
-Dflume.root.logger=DEBUG,console -Dorg.apache.flume.log.printconfig=true 
-Dorg.apache.flume.log.rawdata=true
+<p>Here is an example of enabling both configuration logging and raw data 
logging:</p>
+<div class="highlight-none"><div class="highlight"><pre>$ bin/flume-ng agent 
--conf conf --conf-file example.conf --name a1 
-Dorg.apache.flume.log.printconfig=true -Dorg.apache.flume.log.rawdata=true
 </pre></div>
 </div>
 </div>
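Review bot: The shortened example no longer sets a log level, but the unchanged paragraph directly above still says the log4j logging level "must also be set to DEBUG or TRACE" for event-specific logging to appear, so the command as shown, with `-Dorg.apache.flume.log.rawdata=true` alone, would not produce raw data output for most components. Either show how to raise the level with the logging configuration now in use, or say in the lead-in that the level has to be set separately. Since these two flags write configuration values and event payloads into the logs, a sentence saying they are intended for debugging would also fit here.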
@@ -374,7 +372,7 @@ Following is how the Zookeeper Node tree would look like 
for agents a1 and a2</p
 </div>
 <p>Once the configuration file is uploaded, start the agent with following 
options</p>
 <blockquote>
-<div>$ bin/flume-ng agent &#8211;conf conf -z zkhost:2181,zkhost1:2181 -p 
/flume &#8211;name a1 -Dflume.root.logger=INFO,console</div></blockquote>
+<div>$ bin/flume-ng agent &#8211;conf conf -z zkhost:2181,zkhost1:2181 -p 
/flume &#8211;name a1</div></blockquote>
 <table border="1" class="docutils">
 <colgroup>
 <col width="17%" />
@@ -7679,7 +7677,7 @@ source code of the components.</p>
 <div class="section" id="sinks-1">
 <h4>Sinks 1<a class="headerlink" href="#sinks-1" title="Permalink to this 
headline">¶</a></h4>
 <div class="system-message">
-<p class="system-message-title">System Message: ERROR/3 (<tt 
class="docutils">/Users/rgoers/projects/apache/flume/flume-site/source/sphinx/FlumeUserGuide.rst</tt>,
 line 5070)</p>
+<p class="system-message-title">System Message: ERROR/3 (<tt 
class="docutils">/Users/rgoers/projects/apache/flume/flume-site/source/sphinx/FlumeUserGuide.rst</tt>,
 line 5068)</p>
 <p>Malformed table.</p>
 <div class="highlight-none"><div 
class="highlight"><pre>+------------------------+-------------+------------+-------+--------+
 |                        | Avro/Thrift | AsyncHBase | HBase | HBase2 |
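Review bot: The regenerated page still publishes a Sphinx `System Message: ERROR/3` block with "Malformed table." and the builder's local path `/Users/rgoers/projects/apache/flume/flume-site/source/sphinx/FlumeUserGuide.rst`; this change only moves the reported line from 5070 to 5068. Fix the table at that line in the rst source so that the error block, and the local filesystem path with it, is not shipped in the public HTML.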
@@ -8666,6 +8664,7 @@ can be leveraged to move the Flume agent to another 
host.</p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/releases/index.html b/content/releases/index.html
index cb45225..445fa76 100644
--- a/content/releases/index.html
+++ b/content/releases/index.html
@@ -94,6 +94,7 @@
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" 
href="../getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="../security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../documentation.html">Documentation</a></li>
 <li class="toctree-l1 current"><a class="current reference internal" 
href="">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="../mailinglists.html">Mailing lists</a></li>
diff --git a/content/search.html b/content/search.html
index df2fcc4..85e4594 100644
--- a/content/search.html
+++ b/content/search.html
@@ -95,6 +95,7 @@
 <ul>
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/searchindex.js b/content/searchindex.js
index b38b6e9..5e4c145 100644
--- a/content/searchindex.js
+++ b/content/searchindex.js
@@ -1 +1 @@
-Search.setIndex({objtypes:{},objects:{},titles:["Version 1.0.0 - 
Incubating","Version 1.10.0","Version 1.1.0 - Incubating","Version 
1.3.1","Version 1.4.0","Version 1.5.0","Version 1.2.0","Version 1.3.0","Version 
1.8.0","Flume 1.10.0 Developer Guide","Version 1.9.0","Version 
1.5.0.1","Version 1.6.0","Source Repository","Version 1.5.2","Version 
1.7.0","Mailing lists","Download","Flume 1.10.0 User 
Guide","Testing","Documentation","Welcome to Apache 
Flume","Releases","Team","How to Get Invol [...]
\ No newline at end of file
+Search.setIndex({objtypes:{},objects:{},titles:["Version 1.0.0 - 
Incubating","Version 1.1.0 - Incubating","Version 1.10.0","Version 
1.4.0","Version 1.3.1","Version 1.5.0","Version 1.2.0","Version 1.3.0","Flume 
1.10.0 Developer Guide","Version 1.8.0","Version 1.5.0.1","Version 
1.9.0","Version 1.6.0","Source Repository","Version 1.5.2","Version 
1.7.0","Apache Flume Security Vulnerabilities","Download","Mailing 
lists","Flume 1.10.0 User Guide","Testing","Documentation","Welcome to Apache 
Fl [...]
\ No newline at end of file
diff --git a/content/mailinglists.html b/content/security.html
similarity index 57%
copy from content/mailinglists.html
copy to content/security.html
index ed28568..e8c829a 100644
--- a/content/mailinglists.html
+++ b/content/security.html
@@ -7,7 +7,7 @@
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
     
-    <title>Mailing lists &mdash; Apache Flume</title>
+    <title>Apache Flume Security Vulnerabilities &mdash; Apache Flume</title>
     
     <link rel="stylesheet" href="_static/flume.css" type="text/css" />
     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@@ -25,8 +25,8 @@
     <script type="text/javascript" src="_static/underscore.js"></script>
     <script type="text/javascript" src="_static/doctools.js"></script>
     <link rel="top" title="Apache Flume" href="index.html" />
-    <link rel="next" title="Team" href="team.html" />
-    <link rel="prev" title="Version 1.0.0 - Incubating" 
href="releases/1.0.0.html" /> 
+    <link rel="next" title="Documentation" href="documentation.html" />
+    <link rel="prev" title="Download" href="download.html" /> 
   </head>
   <body>
 <div class="header">
@@ -59,46 +59,45 @@
         <div class="bodywrapper">
           <div class="body">
             
-  <div class="section" id="mailing-lists">
-<h1>Mailing lists<a class="headerlink" href="#mailing-lists" title="Permalink 
to this headline">¶</a></h1>
-<p>These are the mailing lists that have been established for the Apache Flume 
project. For each list, there is a subscribe, unsubscribe, and an archive 
link.</p>
+  <div class="section" id="apache-flume-security-vulnerabilities">
+<h1>Apache Flume Security Vulnerabilities<a class="headerlink" 
href="#apache-flume-security-vulnerabilities" title="Permalink to this 
headline">¶</a></h1>
+<p>This page lists all the security vulnerabilities fixed in released versions 
of Apache Flume. Each vulnerability is given a security impact rating by the 
Apache Flume security team. Note that this rating may vary from platform to 
platform. We also list the versions of Apache Flume the flaw is known to 
affect, and where a flaw has not been verified list the version with a question 
mark.</p>
+<p>Binary patches are never provided. If you need to apply a source code 
patch, use the building instructions for the Apache Flume version that you are 
using.</p>
+<p>If you need help on building or configuring Flume or other help on 
following the instructions to mitigate the known vulnerabilities listed here, 
please subscribe to, and send your questions to the public Flume Users mailing 
list.</p>
+<p>If you have encountered an unlisted security vulnerability or other 
unexpected behaviour that has security impact, or if the descriptions here are 
incomplete, please report them privately to the <a class="reference external" 
href="mailto:private&#37;&#52;&#48;flume&#46;apche&#46;org";>Flume 
SecurityTeam</a>. Thank you!</p>
+<p class="rubric">Fixed in Flume 1.10.0</p>
+<p><a class="reference external" 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25167";>CVE-2022-25167</a>:
 Apache Flume vulnerable to a JNDI RCE in JMSSource.</p>
 <table border="1" class="docutils">
 <colgroup>
-<col width="26%" />
-<col width="21%" />
-<col width="21%" />
-<col width="32%" />
+<col width="53%" />
+<col width="47%" />
 </colgroup>
 <thead valign="bottom">
-<tr class="row-odd"><th class="head">Name</th>
-<th class="head">Subscribe</th>
-<th class="head">Unsubscribe</th>
-<th class="head">List Archive</th>
+<tr class="row-odd"><th class="head"><a class="reference external" 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25167";>CVE-2022-25167</a></th>
+<th class="head">Deserialization of Untrusted Data</th>
 </tr>
 </thead>
 <tbody valign="top">
-<tr class="row-even"><td>Flume User List</td>
-<td><a class="reference external" 
href="mailto:user-subscribe&#37;&#52;&#48;flume&#46;apache&#46;org";>user 
subscribe</a></td>
-<td><a class="reference external" 
href="mailto:user-unsubscribe&#37;&#52;&#48;flume&#46;apache&#46;org";>user 
unsubscribe</a></td>
-<td><a class="reference external" 
href="https://lists.apache.org/list.html?user&#64;flume.apache.org";>Flume User 
List Archive</a></td>
+<tr class="row-even"><td>Severity</td>
+<td>Moderate</td>
 </tr>
-<tr class="row-odd"><td>Flume Developers List</td>
-<td><a class="reference external" 
href="mailto:dev-subscribe&#37;&#52;&#48;flume&#46;apache&#46;org";>dev 
subscribe</a></td>
-<td><a class="reference external" 
href="mailto:dev-unsubscribe&#37;&#52;&#48;flume&#46;apache&#46;org";>dev 
unsubscribe</a></td>
-<td><a class="reference external" 
href="https://lists.apache.org/list.html?dev&#64;flume.apache.org";>Flume 
Developer List Archive</a></td>
+<tr class="row-odd"><td>Base CVSS SCore</td>
+<td>6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)</td>
 </tr>
-<tr class="row-even"><td>Flume Commits List</td>
-<td><a class="reference external" 
href="mailto:commits-subscribe&#37;&#52;&#48;flume&#46;apache&#46;org";>commit 
subscribe</a></td>
-<td><a class="reference external" 
href="mailto:commits-unsubscribe&#37;&#52;&#48;flume&#46;apache&#46;org";>commit 
unsubscribe</a></td>
-<td><a class="reference external" 
href="https://lists.apache.org/list.html?commits&#64;flume.apache.org";>Flume 
Commits List Archive</a></td>
-</tr>
-<tr class="row-odd"><td>Flume Issues List</td>
-<td><a class="reference external" 
href="mailto:issues-subscribe&#37;&#52;&#48;flume&#46;apache&#46;org";>issues 
subscribe</a></td>
-<td><a class="reference external" 
href="mailto:issues-unsubscribe&#37;&#52;&#48;flume&#46;apache&#46;org";>issues 
unsubscribe</a></td>
-<td><a class="reference external" 
href="https://lists.apache.org/list.html?issues&#64;flume.apache.org";>Flume 
Issues List Archive</a></td>
+<tr class="row-even"><td>Versions Affected</td>
+<td>FLume 1.4.0 through 1.9.0</td>
 </tr>
 </tbody>
 </table>
+<p class="rubric">Description</p>
+<p>Flume&#8217;s JMSSource class can be configured with a connection factory 
name. A JNDI lookup is performed on this name without performing an validation. 
This could result in untrusted data being deserialized.</p>
+<p class="rubric">Mitigation</p>
+<p>Upgrade to Flume 1.10.0.</p>
+<p>In releases 1.4.0 through 1.9.0 the JMSSource should not be used.</p>
+<p class="rubric">Release Details</p>
+<p>In release 1.10.0, if a protocol is specified in the connection factory 
parameter only the java protocol will be allowed. If no protocol is specified 
it will also be allowed.</p>
+<p class="rubric">Credit</p>
+<p>This issue was found by the Flume development team.</p>
 </div>
 
 
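Review bot: The private reporting link points at the wrong domain: the `mailto:` href decodes to `private@flume.apche.org` (`apche`, not `apache`), unlike the `flume.apache.org` addresses in the list links this block replaces, so vulnerability reports sent through it would go astray. Correct the address, and in the same block fix "SecurityTeam", "Base CVSS SCore", "FLume 1.4.0 through 1.9.0" and "without performing an validation". The entry is also headed "JNDI RCE in JMSSource" while the table labels it "Deserialization of Untrusted Data" with severity Moderate; one consistent description would make the advisory easier to triage.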
@@ -110,9 +109,10 @@
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" 
href="">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
-<li class="toctree-l1 current"><a class="current reference internal" 
href="">Mailing lists</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="team.html">Team</a></li>
 <li class="toctree-l1"><a class="reference internal" href="source.html">Source 
Repository</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="testing.html">Testing</a></li>
diff --git a/content/source.html b/content/source.html
index 52f1281..6b64b31 100644
--- a/content/source.html
+++ b/content/source.html
@@ -139,6 +139,7 @@ the source code.</p>
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/team.html b/content/team.html
index ef97387..7a9abd7 100644
--- a/content/team.html
+++ b/content/team.html
@@ -330,6 +330,7 @@ to the project are greatly appreciated.</p>
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/content/testing.html b/content/testing.html
index 98cbf9f..a7d1189 100644
--- a/content/testing.html
+++ b/content/testing.html
@@ -75,6 +75,7 @@ and all Pull Requests at GitHub.</p>
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" 
href="getinvolved.html">How to Get Involved</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="download.html">Download</a></li>
+<li class="toctree-l1"><a class="reference internal" 
href="security.html">Apache Flume Security Vulnerabilities</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="documentation.html">Documentation</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="releases/index.html">Releases</a></li>
 <li class="toctree-l1"><a class="reference internal" 
href="mailinglists.html">Mailing lists</a></li>
diff --git a/source/sphinx/FlumeUserGuide.rst b/source/sphinx/FlumeUserGuide.rst
index 7d7b3fd..dc5b2b7 100644
--- a/source/sphinx/FlumeUserGuide.rst
+++ b/source/sphinx/FlumeUserGuide.rst
@@ -197,11 +197,10 @@ several named agents; when a given Flume process is 
launched a flag is passed te
 
 Given this configuration file, we can start Flume as follows::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-Dflume.root.logger=INFO,console
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1
 
 Note that in a full deployment we would typically include one more option: 
``--conf=<conf-dir>``.
-The ``<conf-dir>`` directory would include a shell script *flume-env.sh* and 
potentially a log4j properties file.
-In this example, we pass a Java option to force Flume to log to the console 
and we go without a custom environment script.
+The ``<conf-dir>`` directory would include a shell script *flume-env.sh* and 
potentially a log4j configuration file.
 
 From a separate terminal, we can then telnet port 44444 and send Flume an 
event:
 
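Review bot: the note kept under the edited command still says a full deployment "would typically include one more option: ``--conf=<conf-dir>``", but the command directly above it already passes `--conf conf`, and with the sentence about going without a custom environment script removed, nothing explains the difference any more. Suggest rewording the note to say that `--conf` names the directory holding *flume-env.sh* and the log4j configuration file, and adding one sentence on where log output goes now that `-Dflume.root.logger=INFO,console` is dropped, since the next step has the reader send Flume an event from a separate terminal.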
@@ -249,7 +248,7 @@ configurations will be processed before any of the 
--conf-file configurations ar
 
 For example, a configuration of::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --conf-uri 
http://localhost:80/flume.conf --conf-uri http://localhost:80/override.conf 
--name a1 -Dflume.root.logger=INFO,console
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --conf-uri 
http://localhost:80/flume.conf --conf-uri http://localhost:80/override.conf 
--name a1
 
 will cause flume.conf to be read first, override.conf to be merged with it and 
finally example.conf would be
 merged last. If it is desirec to have example.conf be the base configuration 
it should be specified using the
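Review bot: the context line right below the edited command still reads "If it is desirec to have example.conf be the base configuration"; since this paragraph is being touched anyway, fix "desirec" to "desired" in the same commit.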
@@ -278,7 +277,7 @@ class using the default set of Lookups along with a lookup 
that uses the configu
 source for replacement values.
 
 For example::
-  $ NC_PORT=44444 bin/flume-ng agent --conf conf --conf-file example.conf 
--name a1 -Dflume.root.logger=INFO,console
+  $ NC_PORT=44444 bin/flume-ng agent --conf conf --conf-file example.conf 
--name a1
 
 Note the above is just an example, environment variables can be configured in 
other ways, including being set in `conf/flume-env.sh`.
 
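Review bot: the changed command line follows "For example::" with no blank line between them, so reStructuredText does not start a literal block there and the command will not render like the other examples in this file. Add an empty line after "For example::" while editing this line. The single-backtick `conf/flume-env.sh` in the following note could also use the double-backtick literal form the rest of the guide uses.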
@@ -292,7 +291,7 @@ As noted, system properties are also supported, so the 
configuration::
 
 could be used and the startup command could be::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-Dflume.root.logger=INFO,console -DNC_PORT=44444
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-DNC_PORT=44444
 
 Furthermore, because multiple configuration files are allowed the first file 
could contain::
 
@@ -308,7 +307,7 @@ and the override file could contain::
 
 In this case the startup command could be::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --conf-file 
override.conf --name a1 -Dflume.root.logger=INFO,console
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --conf-file 
override.conf --name a1
 
 Note that the method for specifying environment variables as was done in prior 
versions will stil work
 but has been deprecated in favor of using ${env:varName}.
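Review bot: the sentence directly after the edited command has a typo, "will stil work"; correct it to "still" while this paragraph is open. `${env:varName}` in the same sentence would read better in literal markup, as the other option names in the guide are.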
@@ -348,10 +347,9 @@ To enable data logging, set the Java system property 
``-Dorg.apache.flume.log.ra
 in the same way described above. For most components, the log4j logging level 
must also be set to
 DEBUG or TRACE to make event-specific logging appear in the Flume logs.
 
-Here is an example of enabling both configuration logging and raw data logging 
while also
-setting the Log4j loglevel to DEBUG for console output::
+Here is an example of enabling both configuration logging and raw data 
logging::
 
-  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-Dflume.root.logger=DEBUG,console -Dorg.apache.flume.log.printconfig=true 
-Dorg.apache.flume.log.rawdata=true
+  $ bin/flume-ng agent --conf conf --conf-file example.conf --name a1 
-Dorg.apache.flume.log.printconfig=true -Dorg.apache.flume.log.rawdata=true
 
 
 Zookeeper based Configuration
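Review bot: the new example no longer matches the paragraph above it. The context lines state that for most components "the log4j logging level must also be set to DEBUG or TRACE" for event-specific logging to appear, yet the command now drops `-Dflume.root.logger=DEBUG,console` and sets only the printconfig and rawdata properties. As written, a reader who copies the command will enable raw data logging and, for most components, see nothing. Either show how the level is raised to DEBUG in the log4j configuration file, or say in the lead-in sentence that the level has to be set there separately.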
@@ -369,7 +367,7 @@ Following is how the Zookeeper Node tree would look like 
for agents a1 and a2
 
 Once the configuration file is uploaded, start the agent with following options
 
-  $ bin/flume-ng agent --conf conf -z zkhost:2181,zkhost1:2181 -p /flume 
--name a1 -Dflume.root.logger=INFO,console
+  $ bin/flume-ng agent --conf conf -z zkhost:2181,zkhost1:2181 -p /flume 
--name a1
 
 ==================   ================  
=========================================================================
 Argument Name        Default           Description
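Review bot: the lead-in "Once the configuration file is uploaded, start the agent with following options" ends without `::`, so the indented command below it is parsed as a block quote rather than a literal block, unlike every other command touched in this file. Since the command line is being edited here, change the lead-in to end in `::` (and "with following options" to "with the following options").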
diff --git a/source/sphinx/index.rst b/source/sphinx/index.rst
index a750734..b5a92b7 100644
--- a/source/sphinx/index.rst
+++ b/source/sphinx/index.rst
@@ -33,7 +33,7 @@ application.
 
 .. raw:: html
 
-   <h3>June 5, 2022 - Apache Flume 1.10.0 Released</h3>
+   <h3>June 13, 2022 - Apache Flume 1.10.0 Released</h3>
 
 The Apache Flume team is pleased to announce the release of Flume 1.10.0.
 
@@ -43,6 +43,9 @@ collecting, aggregating, and moving large amounts of 
streaming event data.
 Flume 1.10.0 is stable, production-ready software, and is backwards-compatible 
with
 previous versions of the Flume 1.x codeline.
 
+Flume 1.10.0 contains a fix for `CVE-2022-25167 
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25167>`__.
+See the `Flume Security <./security.html>`__ page for more details.
+
 This version of Flume upgrades many dependencies, resolving the CVEs 
associated with them.
 Enhancements included in this release include the addition of a 
LoadBalancingChannelSelector,
 the ability to retrieve the Flume configuration from a remote source such as a 
Spring
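Review bot: the added CVE-2022-25167 sentence does not name the affected component or versions, so a reader of the release announcement cannot tell whether they need to act without following the link. Suggest naming JMSSource and the affected range (1.4.0 through 1.9.0, as listed in the new security.rst). The link to the security page is also hard-coded as `./security.html`; a Sphinx `:doc:` reference to `security` would let the build flag a broken target.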
@@ -575,6 +578,7 @@ Feel free to post to the User's mailing list with any 
questions.
 
    getinvolved
    download
+   security
    documentation
    releases/index
    mailinglists
diff --git a/source/sphinx/security.rst b/source/sphinx/security.rst
new file mode 100644
index 0000000..eef07a2
--- /dev/null
+++ b/source/sphinx/security.rst
@@ -0,0 +1,43 @@
+=====================================
+Apache Flume Security Vulnerabilities
+=====================================
+
+This page lists all the security vulnerabilities fixed in released versions of 
Apache Flume. Each vulnerability is given a security impact rating by the 
Apache Flume security team. Note that this rating may vary from platform to 
platform. We also list the versions of Apache Flume the flaw is known to 
affect, and where a flaw has not been verified list the version with a question 
mark.
+
+Binary patches are never provided. If you need to apply a source code patch, 
use the building instructions for the Apache Flume version that you are using.
+
+If you need help on building or configuring Flume or other help on following 
the instructions to mitigate the known vulnerabilities listed here, please 
subscribe to, and send your questions to the public Flume Users mailing list.
+
+If you have encountered an unlisted security vulnerability or other unexpected 
behaviour that has security impact, or if the descriptions here are incomplete, 
please report them privately to the `Flume SecurityTeam 
<mailto:[email protected]>`__. Thank you!
+
+.. rubric:: Fixed in Flume 1.10.0
+
+`CVE-2022-25167 
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25167>`__: Apache 
Flume vulnerable to a JNDI RCE in JMSSource.
+
++------------------------------------------------------------------------------------+--------------------------------------------------------------------------+
+| `CVE-2022-25167 
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25167>`__ | 
Deserialization of Untrusted Data                                        |
++====================================================================================+==========================================================================+
+| Severity                                                                     
      | Moderate                                                                
 |
++------------------------------------------------------------------------------------+--------------------------------------------------------------------------+
+| Base CVSS SCore                                                              
      | 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)                               
 |
++------------------------------------------------------------------------------------+--------------------------------------------------------------------------+
+| Versions Affected                                                            
      | Flume 1.4.0 through 1.9.0                                               
 |
++------------------------------------------------------------------------------------+--------------------------------------------------------------------------+
+
+.. rubric:: Description
+
+Flume's JMSSource class can be configured with a connection factory name. A 
JNDI lookup is performed on this name without performing an validation. This 
could result in untrusted data being deserialized.
+
+.. rubric:: Mitigation
+
+Upgrade to Flume 1.10.0.
+
+In releases 1.4.0 through 1.9.0 the JMSSource should not be used.
+
+.. rubric:: Release Details
+
+In release 1.10.0, if a protocol is specified in the connection factory 
parameter only the java protocol will be allowed. If no protocol is specified 
it will also be allowed.
+
+.. rubric:: Credit
+
+This issue was found by the Flume development team.
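Review bot: in the Description, "A JNDI lookup is performed on this name without performing an validation" should read "any validation", and the Release Details paragraph leaves the fixed behaviour to inference: "If no protocol is specified it will also be allowed" has no clear referent for "it". Suggest stating plainly that a connection factory name with a protocol other than java is not allowed and that a name with no protocol is allowed. In the same file, "Base CVSS SCore" should be "Base CVSS Score", "Flume SecurityTeam" should be "Flume Security Team", and the vector string should carry its CVSS version prefix so the 6.6 score can be reproduced. The Mitigation section tells users of 1.4.0 through 1.9.0 not to use JMSSource; one sentence on how to check whether an agent configuration uses it would make that actionable.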
