[
https://issues.apache.org/jira/browse/FLUME-3388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ralph Goers updated FLUME-3388:
-------------------------------
Fix Version/s: 1.10.0
> Jetty(6.1.26) is vulnerable to vulnerability attack
> ---------------------------------------------------
>
> Key: FLUME-3388
> URL: https://issues.apache.org/jira/browse/FLUME-3388
> Project: Flume
> Issue Type: Dependency upgrade
> Components: Sinks+Sources
> Affects Versions: 1.9.0
> Reporter: Confused
> Priority: Major
> Fix For: 1.10.0
>
> Attachments: image-2021-03-22-15-08-46-549.png
>
>
> Flume source codes depends jetty jar,as shown in the dependency tree figure
> below:
> !image-2021-03-22-15-08-46-549.png!
> But jetty 6.1.26 jar has many vulnerabilities,which make the user's business
> vulnerable to hackers. So, can we upgrade jetty jar to a version without
> vulnerabilities or latest version?
>
> Vulnerabilities:CVE-2020-8908、CVE-2017-7657、CVE-2017-9735、CVE-2020-27216、CVE-2011-4461、CVE-2009-1523、CVE-2017-7656、CVE-2017-7658、CVE-2019-10246、CVE-2019-10241、CVE-2017-7657、CVE-2017-9735、CVE-2017-7656、CVE-2017-7658、CVE-2020-27216、CVE-2009-1523、CVE-2011-4461
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
