I just released a minor update to the jmx_exporter (

It fixes a false positive CVE warning. The Java 7+ binary of the previous 
release contains metadata pointing to the snakeyaml library version 1.23. 
This causes the Trivy security scanner 
<https://github.com/aquasecurity/trivy> to wrongly report CVE-2017-18640 
<https://nvd.nist.gov/vuln/detail/CVE-2017-18640>, even though that 
snakeyaml version is not included in the binary.

Update 0.16.1 removes the misleading metadata.

