my company is pushing me for fixing vulnerablities in logstash, at this point i am in learning mode.
when i looking at the below vulnerablity, does this need ruby-maven-libs upgrade or just guava upgrade
Required_Version Language Install_Path com.google.guava:guava 18.0 24.1.1 Java usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/ruby-maven-libs-3.3.9/maven-home/lib/guava-18.0.jar
Hello,
Please check your other posts about similar issues, the answer is the same.
You cannot upgrade individual dependencies, you need to upgrade the entire Logstash, if the latest version still does not have this fixed you need to report to elastic using the e-mail security@elastic.co.
thanks emailed security@
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.