Fabian Hueske created FLINK-10007:
-------------------------------------
Summary: Security vulnerability in website build infrastructure
Key: FLINK-10007
URL: https://issues.apache.org/jira/browse/FLINK-10007
Project: Flink
Issue Type: Bug
Components: Project Website
Reporter: Fabian Hueske
We've got a notification from Apache INFRA about a potential security
vulnerability:
{quote}
We found a potential security vulnerability in a repository for which you have
been granted security alert access.
@apache apache/flink-web
Known high severity security vulnerability detected in yajl-ruby < 1.3.1
defined in Gemfile.
Gemfile update suggested: yajl-ruby ~> 1.3.1.
{quote}
This is a problem with the build environment of the website, i.e., this
dependency is not distributed or executed with Flink but only run when the
website is updated.
Nonetheless, we should of course update the dependency.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
