Release v1.21.1
This release updates the repackaged OpenTelemetry Java Agent to 1.21.1.
Check out the release notes for the upstream versions:
- https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.21.0
- https://github.com/open-telemetry/opentelemetry-java-contrib/releases/tag/v1.21.0
- https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/tag/v1.21.0
Other changes:
- Patch upstream dependencies to remove dependency on snakeyaml (#322)
Notice
We are aware of a potential issue in the upstream opentelemetry-java and opentelemetry-java-instrumentation projects with regard to their use of the snakeyaml library (CVE-2022-1471), which is used by the AWS Distribution for OpenTelemetry (ADOT) OpenTelemetry Java Agent up to and including v1.21.0.
We have prepared a new release, v1.21.1, of the ADOT Java Agent that uses a patched version of the upstream dependencies, removing the usage of the snakeyaml library (#322). There are no functional changes from the previous version. We recommend that customers update their ADOT Java Agent to at least v1.21.1 at the earliest opportunity. See the instructions for information on deploying the latest version.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471