[
https://issues.apache.org/jira/browse/FLUME-3385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lily Warner resolved FLUME-3385.
--------------------------------
Resolution: Fixed
> flume-ng-sdk uses Avro-IPC version with vulnerable version of Jetty
> -------------------------------------------------------------------
>
> Key: FLUME-3385
> URL: https://issues.apache.org/jira/browse/FLUME-3385
> Project: Flume
> Issue Type: Dependency upgrade
> Affects Versions: 1.9.0
> Reporter: Lily Warner
> Priority: Major
> Fix For: 1.10.0
>
>
> Vulnerability: [https://nvd.nist.gov/vuln/detail/CVE-2011-4461]
> Need to upgrade to Avro IPC version
> [1.9.0|https://mvnrepository.com/artifact/org.apache.avro/avro-ipc/1.9.0] or
> later which does not depend on the vulnerable version of Jetty (it actually
> doesn't use Jetty at all)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
