Upgrade of dependent jars in logstash

(Jaankit) #1

Following dependent jar files are flagged as vulnerable in logstash package:

  1. bouncycastle (logstash & elasticsearch)

Name
bouncycastle
Version
1.56 OUTDATED
Latest version
1.60

  1. guava (logstash)

Name
guava
Version
22.0 OUTDATED
Latest version
23.0

  1. derby (logstash)

Name
derby
Version
Latest version
10.14.2.0

Is there any plan to upgrade these dependency in upcoming logstash releases?

(Ry Biesemeyer) unlisted #2
(system) closed #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.