The latest version of Logstash (8.12.0) is reported vulnerable

How do I fix the vulnerabilities in maven-core-3.3.9.jar, maven-compat-3.3.9.jar and derby-10.14.1.0.jar? These are reported as vulnerable in the latest Logstash package.

DetailedName
org.apache.maven:maven-core 3.3.9
org-apache.maven:maven-compatible 3.3.9
org-apache.derby:derby 10.14.1.0

Do I need to upgrade the above to the latest? Could you please help me with the steps?

I do not think you can upgrade those yourself; you need Elastic to do it. There has been an issue for 5 months on GitHub that mentions all three of these here.

Elastic ask that folks report security issues via email. Not via the forums, not via GitHub. Apparently they even have a bug bounty program for demonstrable security issues.

Thank you @Badger
