Logstash how to solve the problem about jackson-databind CVE-2019-12384

My path is:
/usr/local/logstash/logstash-core/lib/jars/jackson-annotations-2.9.5.jar
It seems the Jackson lib version is 2.9.5.
To fix this bug, the Jackson lib must be updated to 2.9.9.1.
But the latest Logstash's version of the Jackson lib is 2.9.8, so I don't know how to solve this problem. Can anyone help me?

Logstash is not vulnerable to this CVE.

We only use Jackson to deserialise JSON strings into a fixed (controlled by us) set of internal or standard Ruby/Java classes and then to serialise this same fixed set of classes into standard JSON.

We will update Jackson and JrJackson in due course.
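
An added example (not Logstash's code and not part of the posts above) of the distinction the reply draws: binding JSON to a caller-chosen class versus letting the input name the class through Jackson's default typing. It assumes jackson-databind 2.9.x on the classpath; the class `FixedTypeBinding`, its method names and the sample JSON are constructed for illustration.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Map;

// Hypothetical demo class; assumes jackson-databind 2.9.x on the classpath.
public class FixedTypeBinding {
    // Constructed sample: an event whose "extra" field is shaped like a
    // Jackson wrapper-array type id, using the harmless java.util.Date.
    static final String EVENT =
        "{\"message\":\"hello\",\"extra\":[\"java.util.Date\",0]}";

    // Fixed binding: the caller names the target class (Map), so a class
    // name that appears in the input is kept as an ordinary string.
    static Object extraWithFixedTypes(String json) throws Exception {
        ObjectMapper mapper = new ObjectMapper(); // default typing is off
        Map<?, ?> event = mapper.readValue(json, Map.class);
        return event.get("extra");
    }

    // Polymorphic binding: with default typing enabled and an Object
    // target, the first array element is read as the class to instantiate.
    static Object valueWithDefaultTyping(String json) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(); // 2.9.x API, deprecated from 2.10
        return mapper.readValue(json, Object.class);
    }

    public static void main(String[] args) throws Exception {
        // Fixed binding yields a plain list holding a string and a number.
        Object fixed = extraWithFixedTypes(EVENT);
        System.out.println(fixed.getClass().getName() + " " + fixed);

        // Default typing yields an instance of the class the input named.
        Object poly = valueWithDefaultTyping("[\"java.util.Date\",0]");
        System.out.println(poly.getClass().getName());
    }
}
```

When auditing an application that bundles an older jackson-databind, the places to look are calls to `enableDefaultTyping` and `@JsonTypeInfo` annotations that use class-name ids on broadly typed fields.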

Thanks.