CVE-2022-42468 - Apache Flume Improper Input Validation (JNDI Injection) in JMSSource

2022-10-25 Thread Ralph Goers
Severity: medium. Description: Flume’s JMSSource class can be configured with a providerUrl parameter. A JNDI lookup is performed on this name without performing any validation. This could result in untrusted data being deserialized. Mitigation: Upgrade to Flume 1.11.0. In releases 1.4.0 through

[ANNOUNCE] Release of Apache Flume 1.11.0

2022-10-25 Thread Ralph Goers
The Apache Flume team is pleased to announce the release of Flume version 1.11.0. Flume is a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data. This release can be downloaded from the Flume download page at: http://flum