Sorry for the ridiculously late/pointless response, but I thought I would answer in case others look.
I hope to update all the libraries jamon uses including hazelcast relatively soon.
If you don't have hazelcast jars in your classpath it won't call any of the hazelcast code. You can also explicitly configure the jamonpersister in the jamon properties file to ensure hazelcast code is not called.
If you would like, you can safely remove all hazelcast classes from the jar. I could work with you on this.
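The jar clean-up suggested in the reply above can be scripted and verified. This is an added example, not code from the jamon project; the function names, the `META-INF/maven/com.hazelcast/` prefix and the sample jar contents are assumptions constructed for illustration.

```python
import io
import zipfile

# Paths treated as Hazelcast content. com/hazelcast/ is Hazelcast's package root;
# the META-INF/maven prefix is an assumption about bundled build metadata.
HAZELCAST_PREFIXES = ("com/hazelcast/", "META-INF/maven/com.hazelcast/")


def find_hazelcast_entries(jar_bytes):
    """Return the sorted names of jar entries that belong to Hazelcast."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return sorted(n for n in jar.namelist() if n.startswith(HAZELCAST_PREFIXES))


def strip_hazelcast(jar_bytes):
    """Copy the jar without Hazelcast entries; return (new_jar_bytes, removed_names)."""
    out = io.BytesIO()
    removed = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename.startswith(HAZELCAST_PREFIXES):
                removed.append(info.filename)
                continue
            # Reusing the ZipInfo keeps each entry's name, timestamp and compression.
            dst.writestr(info, src.read(info.filename))
    return out.getvalue(), sorted(removed)


def build_sample_jar():
    """Constructed stand-in for a jar that bundles Hazelcast classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("com/jamonapi/MonitorFactory.class", b"\xca\xfe\xba\xbe")
        jar.writestr("com/hazelcast/core/Hazelcast.class", b"\xca\xfe\xba\xbe")
        jar.writestr("com/hazelcast/nio/ObjectDataInput.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


if __name__ == "__main__":
    cleaned, removed = strip_hazelcast(build_sample_jar())
    print("removed:", removed)
    print("remaining hazelcast entries:", find_hazelcast_entries(cleaned))
```

For a real jar, read the file into bytes, write the returned bytes to a new file, and rerun the dependency scan against the new jar to confirm the finding is gone.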
The security scans for our product have identified a vulnerability in hazelcast-all, which is a dependency of jamon. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10750
Could you please either update hazelcast-all to version 3.11 or later and publish a new release, or else post a statement to this forum indicating that jamon is not affected by this vulnerability? Thanks.