[
https://issues.apache.org/jira/browse/FLUME-3426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17538380#comment-17538380
]
Yuval Einstiein commented on FLUME-3426:
----------------------------------------
[~rgoers] - Yes I noticed that there were fixes done, but they were from what I
saw 4 month ago. I wonder when there will be a release of official fix - or at
least a patch version.
> Unresolved Security Issues
> ---------------------------
>
> Key: FLUME-3426
> URL: https://issues.apache.org/jira/browse/FLUME-3426
> Project: Flume
> Issue Type: Bug
> Components: Client SDK
> Reporter: Yuval Einstiein
> Priority: Blocker
>
> Hello Flume Colleagues,
> There are few old reported issues from flume-ng-sdk dependencies which are
> not resolved yet:
> commons-compress 1.4.1 - CVE-2021-35517, CVE-2021-36090
> jackson-mapper-asl 1.9.13 - CVE-2019-10172, CVE-2019-10202
> netty-3.10.6 - CVE-2019-20444
> Can you please advise when a new release / patch will be released to resolve
> these issues?
> Regards
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
