my company is pushing me for fixing vulnerablities in logstash, at this point i am in learning mode.
when i looking at the below vulnerablity, does this need ruby-maven-libs upgrade or just guava upgrade
Required_Version Language Install_Path com.google.guava:guava 18.0 24.1.1 Java usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/ruby-maven-libs-3.3.9/maven-home/lib/guava-18.0.jar
Please check your other posts about similar issues, the answer is the same.
You cannot upgrade individual dependencies, you need to upgrade the entire Logstash, if the latest version still does not have this fixed you need to report to elastic using the e-mail
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.