Steven Barger created FLUME-3253:
------------------------------------
Summary: Vulnerability for new BlackDuck scan for APM_Dynatrace
using Apache Flume 1.8
Key: FLUME-3253
URL: https://issues.apache.org/jira/browse/FLUME-3253
Project: Flume
Issue Type: Bug
Components: Build
Affects Versions: 1.8.0
Reporter: Steven Barger
Fix For: 2.0.0
The Splunk app APM_Dynatrace ([https://splunkbase.splunk.com/app/1593/)] uses
Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected by
our Black Duck scans. This is a critical application for our Splunk
environment, and needs the updates for Apache Flume 1.8 and greater. The
Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is
only packaged with 2.8.9 version. Please update the Apache Flume with the
latest Jackson-Databind update to resolve the vulnerability. This needs
addressed as soon as possible in order for us to consider the Splunk app
APM_Dynatrace in our prod environment and it is a critical application. This
has been escalated to our Dynatrace partners and reps (Jason Freeman) and now
requires Apache Flume to be updated.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
