[jira] [Commented] (FLUME-3253) JP Morgan Chase scan shows vulnerabilities for Splunk App using Apache Flume 1.8

Wed, 14 Nov 2018 09:42:08 -0800 


    [ 
https://issues.apache.org/jira/browse/FLUME-3253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16686901#comment-16686901
 ] 

Hudson commented on FLUME-3253:
-------------------------------

SUCCESS: Integrated in Jenkins build flume-trunk #735 (See 
[https://builds.apache.org/job/flume-trunk/735/])
FLUME-3253 Update jackson-databind dependecy to the latest version (szaboferee: 
[http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=af23980fb380fcd7ba53d28e5ce195f4b095804c])
* (edit) pom.xml


> JP Morgan Chase scan shows vulnerabilities for Splunk App using Apache Flume 
> 1.8
> --------------------------------------------------------------------------------
>
>                 Key: FLUME-3253
>                 URL: https://issues.apache.org/jira/browse/FLUME-3253
>             Project: Flume
>          Issue Type: Bug
>          Components: Build
>    Affects Versions: 1.8.0
>            Reporter: Steven Barger
>            Assignee: Peter Turcsanyi
>            Priority: Critical
>              Labels: patch
>             Fix For: 1.9.0
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> The Splunk app APM_Dynatrace ([https://splunkbase.splunk.com/app/1593/)] uses 
> Apache Flume 1.8 and has Jackson-Databind vulnerabilities that are detected 
> by our Black Duck scans.  This is a critical application for our Splunk 
> environment, and needs the updates for Apache Flume 1.8 and greater.  The 
> Jackson-Databind is updated in its versions 2.8.11+, but the Apache Flume is 
> only packaged with 2.8.9 version.  Please update the Apache Flume with the 
> latest Jackson-Databind update to resolve the vulnerability.  This needs 
> addressed as soon as possible in order for us to consider the Splunk app 
> APM_Dynatrace in our prod environment and it is a critical application.  This 
> has been escalated within JP Morgan Chase to our Dynatrace partners and rep 
> (Jason Freeman) and now requires Apache Flume to be updated.
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to