[
https://issues.apache.org/jira/browse/FLUME-3452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17716864#comment-17716864
]
Nikita Pande commented on FLUME-3452:
-------------------------------------
{color:#172b4d}org.apache.flume : flume-ng-embedded-agent : 1.11.0{color}
* {color:#172b4d}org.apache.flume : flume-ng-configuration : 1.11.0{color}
** {color:#172b4d}org.apache.flume : flume-ng-sdk : 1.11.0{color}
*** {color:#172b4d}org.apache.thrift : libthrift : 0.14.2{color}
**** {color:#172b4d}org.apache.tomcat.embed : tomcat-embed-core : 8.5.46{color}
{color:#172b4d}StillĀ libthrift : 0.14.2 has dependency on tomcat-embed-core :
8.5.46 [~rgoers] {color}
> Transient dependency of tomcat-embed-core : 8.5.46 causing CVE 2020-1938
> ------------------------------------------------------------------------
>
> Key: FLUME-3452
> URL: https://issues.apache.org/jira/browse/FLUME-3452
> Project: Flume
> Issue Type: Improvement
> Affects Versions: notrack
> Reporter: Nikita Pande
> Priority: Major
> Fix For: 1.12.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> org.apache.thrift:libthrift:0.14.1 has dependency on tomcat-embed-core :
> 8.5.46 which is causing CVE 2020-1938
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
