Following dependent jar files are flagged as vulnerable in logstash package:
- bouncycastle (logstash & elasticsearch)
Name
bouncycastle
Version
1.56 OUTDATED
Latest version
1.60
- guava (logstash)
Name
guava
Version
22.0 OUTDATED
Latest version
23.0
- derby (logstash)
Name
derby
Version
Latest version
10.14.2.0
Is there any plan to upgrade these dependency in upcoming logstash releases?