awslabs / amazon-kinesis-agent

Continuously monitors a set of log files and sends new data to the Amazon Kinesis Stream and Amazon Kinesis Firehose in near-real-time.

Use a vuln free version of fasterxml #242

Open mpatnode opened 2 years ago

mpatnode commented 2 years ago

Though it may not be exploitable, the noise created by Snyk image scans which contain the agent would be very nice to fix.

Name : com.fasterxml.jackson.dataformat:jackson-dataformat-cbor
Version : 0:2.10.3
File path : usr/share/aws-kinesis-agent/lib/jackson-dataformat-cbor-2.10.3.jar

https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329

mpatnode commented 2 years ago

If anyone is interested in helping me test this change, you can grab the RPM (or code) here: https://github.com/britive/amazon-kinesis-agent/raw/master/rpm/aws-kinesis-agent-2.0.6-1b.amzn2.noarch.rpm

Unfortunately, it's not clear to me how to set up and run the test suite.