CVE-2021-42010: Apache Heron (Incubating): CRLF log injection

[Josh Fischer <joshfischer () apache org>]

Severity: low

Description:

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements.  
Please update to version 0.20.5-incubating which addresses this issue. 

Credit:

The Apache Heron (Incubating) project would like to thank Bo Yu for bringing this matter to our attention.