CVE-2021-31799 critical vulnerability

[azad narwariya]

Hi,

CVE-2021-31799  this is rdoc-5.0.1 related vulnerability and it will be resolved in rdoc-6.3.1.

and community suggested that it will be fixed in td-agent 4.2.0 release but I have checked in it also its version is still vulnerable .

[ cloud-user]# rpm -qa | grep td-agent

td-agent-4.2.0-1.el7.x86_64

[cloud-user]# td-agent-gem list | grep rdoc

rdoc (default: 6.2.1.1)

 

kindly provide clarification why its version is not upgraded in td-agent 4.2.0?

[Takuro Ashie]

> kindly provide clarification why its version is not upgraded in td-agent 4.2.0?

You can see the answer here:

https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/

https://github.com/fluent-plugins-nursery/fluent-package-builder/issues/325

2021年9月2日(木) 18:59 azad narwariya <narwar...@gmail.com>:

--
You received this message because you are subscribed to the Google Groups "Fluentd Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluentd+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/fluentd/e7a01899-04dd-4f0b-b5de-664393ab7349n%40googlegroups.com.