This repository was archived by the owner on Jan 7, 2026. It is now read-only.

logstash: add pending-upstream-fix advisories for GHSA-j4pr-3wm6-xx2r #28258

Merged: dnegreira merged 1 commit into wolfi-dev:main from jamie-albert:logstash-jruby-advisory on Jan 7, 2026


@jamie-albert
Member

Summary

Adds pending-upstream-fix advisories for GHSA-j4pr-3wm6-xx2r across 2 logstash packages.

CVE Details

Affected Packages

  • logstash-9.1 (new advisory)
  • logstash-9.2 (added event to existing advisory)

Blocker Reason

Logstash will need to update the version of jruby used. Upstream's CI has found issues with jruby version bumps in the past; upstream maintainers will be required to implement this change.

Related Issues

Added pending-upstream-fix advisories for GHSA-j4pr-3wm6-xx2r (CVE-2025-61594)
across 2 logstash packages:
- logstash-9.1 (new advisory)
- logstash-9.2 (added event)

All affected by jruby version dependency. Upstream CI has encountered issues
with jruby version bumps, requiring upstream maintainers to implement the fix.

@dnegreira added this pull request to the merge queue on Jan 7, 2026
Merged via the queue into wolfi-dev:main with commit 1db0336 Jan 7, 2026
4 checks passed