Open olukas opened 3 years ago
Reopening. According to the report it seems org.yaml:snakeyaml:1.16 is also shaded in jmx_prometheus_javaagent-0.13.0.jar, which is part of our distribution.
The latest version of jmx_prometheus_javaagent (0.15.0) shades org.yaml:snakeyaml:1.23, which still has this vulnerability. We can update this dependency once it is fixed on the Prometheus side. (see https://github.com/prometheus/jmx_exporter/pull/585)
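One way to check a distribution for shaded SnakeYAML copies like the one reported above (an added example, not part of the original thread or of Jet's tooling): the script looks for the Maven `pom.properties` metadata and for `Yaml.class` under any relocated package, recursing into nested jars. The sample archive, its `example/shaded/` relocation prefix, and the function names are constructed for illustration.

```python
import io
import re
import zipfile

# Maven metadata that a shaded (uber) jar often still carries for bundled dependencies.
POM_RE = re.compile(r"(^|/)META-INF/maven/org\.yaml/snakeyaml/pom\.properties$")
# SnakeYAML's entry class, under its original package or any relocation prefix.
CLASS_RE = re.compile(r"(^|/)org/yaml/snakeyaml/Yaml\.class$")


def find_snakeyaml(jar_bytes, origin="<jar>"):
    """Return [(location, version or None, class path or None), ...]."""
    findings = []
    try:
        jar = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return findings
    with jar:
        version, class_path = None, None
        for name in jar.namelist():
            if POM_RE.search(name):
                props = jar.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                version = m.group(1).strip() if m else None
            elif CLASS_RE.search(name):
                class_path = name
            elif name.lower().endswith(".jar"):
                # Recurse: agents and libraries sit inside the distribution archive.
                findings += find_snakeyaml(jar.read(name), f"{origin}!{name}")
        if version or class_path:
            findings.insert(0, (origin, version, class_path))
    return findings


def build_sample(with_pom=True):
    """Constructed distribution archive holding one agent jar with shaded SnakeYAML."""
    agent = io.BytesIO()
    with zipfile.ZipFile(agent, "w") as z:
        if with_pom:
            z.writestr("META-INF/maven/org.yaml/snakeyaml/pom.properties", "version=1.16\n")
        z.writestr("example/shaded/org/yaml/snakeyaml/Yaml.class", b"")
    dist = io.BytesIO()
    with zipfile.ZipFile(dist, "w") as z:
        z.writestr("lib/jmx_prometheus_javaagent-0.13.0.jar", agent.getvalue())
    return dist.getvalue()


if __name__ == "__main__":
    for finding in find_snakeyaml(build_sample(), "dist.zip"):
        print(finding)
```

When a build strips `META-INF/maven` from the shaded jar, the version comes back as `None` and only the class path signals that a copy is bundled.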
Jet uses Snakeyaml 1.15, 1.16 and 1.17, which include the following vulnerabilities: