[
https://issues.apache.org/jira/browse/FLUME-3253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16686765#comment-16686765
]
ASF GitHub Bot commented on FLUME-3253:
---------------------------------------
Github user asfgit closed the pull request at:
https://github.com/apache/flume/pull/236
> JP Morgan Chase scan shows vulnerabilities for Splunk App using Apache Flume
> 1.8
> --------------------------------------------------------------------------------
>
> Key: FLUME-3253
> URL: https://issues.apache.org/jira/browse/FLUME-3253
> Project: Flume
> Issue Type: Bug
> Components: Build
> Affects Versions: 1.8.0
> Reporter: Steven Barger
> Assignee: Peter Turcsanyi
> Priority: Critical
> Labels: patch
> Fix For: 1.9.0
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> The Splunk app APM_Dynatrace ([https://splunkbase.splunk.com/app/1593/)] uses
> Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected
> by our Black Duck scans. This is a critical application for our Splunk
> environment, and needs the updates for Apache Flume 1.8 and greater. The
> Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is
> only packaged with 2.8.9 version. Please update the Apache Flume with the
> latest Jackson-Databind update to resolve the vulnerability. This needs
> addressed as soon as possible in order for us to consider the Splunk app
> APM_Dynatrace in our prod environment and it is a critical application. This
> has been escalated within JP Morgan Chase to our Dynatrace partners and rep
> (Jason Freeman) and now requires Apache Flume to be updated.
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
