Severity: low Description:
Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue. Credit: The Apache Heron (Incubating) project would like to thank Bo Yu for bringing this matter to our attention.
