[
https://issues.apache.org/jira/browse/FLUME-3426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17537715#comment-17537715
]
Ralph Goers commented on FLUME-3426:
------------------------------------
Actually, if you look at the source I think you'd find they have all been
resolved. They just have not been included in a release yet. That process is
in the works.
> Unresolved Security Issues
> ---------------------------
>
> Key: FLUME-3426
> URL: https://issues.apache.org/jira/browse/FLUME-3426
> Project: Flume
> Issue Type: Bug
> Components: Client SDK
> Reporter: Yuval Einstiein
> Priority: Blocker
>
> Hello Flume Colleagues,
> There are few old reported issues from flume-ng-sdk dependencies which are
> not resolved yet:
> commons-compress 1.4.1 - CVE-2021-35517, CVE-2021-36090
> jackson-mapper-asl 1.9.13 - CVE-2019-10172, CVE-2019-10202
> netty-3.10.6 - CVE-2019-20444
> Can you please advise when a new release / patch will be released to resolve
> these issues?
> Regards
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
