
parent-0.16.0

prometheus/jmx_exporter

Release date: 2021-07-05 04:57:23

Latest release of prometheus/jmx_exporter: 1.1.0 (2024-12-04 13:13:31)

Update SnakeYAML Dependency Version (#592)

Starting with version 0.16.0, the Java agent is released in two versions:

Both versions are built from the same source files and have identical functionality. The only difference is the version of the included snakeyaml dependency.

jmx_exporter uses the SnakeYAML library to read the YAML configuration file. SnakeYAML 1.23 is the last release to support Java 6. This version is affected by CVE-2017-18640, which can cause SnakeYAML to execute arbitrary code if the YAML file comes from an untrusted source.

This vulnerability does not apply in the context of jmx_exporter, because the agent configuration will not come from an untrusted source. However, even if there is no actual security risk, users find it annoying that their automated security scans report a CVE. To prevent this, we published a version with an updated SnakeYAML dependency that requires Java >= 7.
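To check which of the two builds a deployed agent jar is, or why a dependency scanner flags it, the bundled SnakeYAML version can be read from the jar itself. The following is an added example, not jmx_exporter code: it assumes the jar still carries the dependency's Maven metadata entry (`META-INF/maven/org.yaml/snakeyaml/pom.properties`), uses the CVE record's "before 1.26" range as the threshold, and runs on constructed in-memory sample jars (version 1.29 is a constructed value).

```python
import io
import re
import zipfile

# Assumption: the build kept the Maven metadata of the bundled dependency,
# possibly under a prefix directory.
POM_PROPS = re.compile(r"(^|/)META-INF/maven/org\.yaml/snakeyaml/pom\.properties$")
FIXED_IN = (1, 26)  # CVE-2017-18640 is recorded against SnakeYAML before 1.26


def parse_version(text):
    """Turn '1.23' into (1, 23); non-numeric suffixes are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])


def bundled_snakeyaml_versions(jar):
    """Return the sorted SnakeYAML versions recorded inside a jar (path or file object)."""
    versions = set()
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if not POM_PROPS.search(name):
                continue
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                key, _, value = line.partition("=")
                if key.strip() == "version" and value.strip():
                    versions.add(value.strip())
    return sorted(versions, key=parse_version)


def scanner_would_flag(jar):
    """True if any bundled SnakeYAML is older than the fixed release."""
    return any(parse_version(v) < FIXED_IN for v in bundled_snakeyaml_versions(jar))


def make_sample_jar(version):
    """Constructed test input: an in-memory jar holding only the metadata entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/org.yaml/snakeyaml/pom.properties",
                    f"#Generated by Maven\nversion={version}\n"
                    "groupId=org.yaml\nartifactId=snakeyaml\n")
        zf.writestr("example/Placeholder.class", b"")  # hypothetical entry
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for v in ("1.23", "1.29"):  # constructed sample versions
        print(v, scanner_would_flag(make_sample_jar(v)))
```

An empty result from `bundled_snakeyaml_versions` means the metadata was stripped or relocated, not that SnakeYAML is absent.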

Other Changes
