+1; anything below 2.10.x seems to be EOL Best, D.
On Mon, Oct 17, 2022 at 10:48 AM Márton Balassi <balassi.mar...@gmail.com> wrote: > Hi Martjin, > > +1 for 2.10.2. Do you expect to have bandwidth in the near term to > implement the bump? > > On Wed, Oct 5, 2022 at 5:00 PM Gabor Somogyi <gabor.g.somo...@gmail.com> > wrote: > > > Hi Martin, > > > > Thanks for bringing this up! Lately I was thinking about to bump the > hadoop > > version to at least 2.6.1 to clean up issues like this: > > > > > https://github.com/apache/flink/blob/8d05393f5bcc0a917b2dab3fe81a58acaccabf13/flink-filesystems/flink-hadoop-fs/src/main/java/org/apache/flink/runtime/util/HadoopUtils.java#L157-L159 > > > > All in all +1 from my perspective. > > > > Just a question here. Are we stating the minimum Hadoop version for users > > somewhere in the doc or they need to find it out from source code like > > this? > > > > > https://github.com/apache/flink/blob/3a4c11371e6f2aacd641d86c1d5b4fd86435f802/tools/azure-pipelines/build-apache-repo.yml#L113 > > > > BR, > > G > > > > > > On Wed, Oct 5, 2022 at 5:02 AM Martijn Visser <martijnvis...@apache.org> > > wrote: > > > > > Hi everyone, > > > > > > Little over a year ago a discussion thread was opened on changing the > > > minimal supported version of Hadoop and bringing that to 2.8.5. [1] In > > this > > > discussion thread, I would like to propose to bring that minimal > > supported > > > version of Hadoop to 2.10.2. > > > > > > Hadoop 2.8.5 is vulnerable for multiple CVEs which are classified as > > > Critical. [2] [3]. While Flink is not directly impacted by those, we do > > see > > > vulnerability scanners flag Flink as being vulnerable. We could easily > > > mitigate that by bumping the minimal supported version of Hadoop to > > 2.10.2. > > > > > > I'm looking forward to your opinions on this topic. > > > > > > Best regards, > > > > > > Martijn > > > https://twitter.com/MartijnVisser82 > > > https://github.com/MartijnVisser > > > > > > [1] https://lists.apache.org/thread/81fhnwfxomjhyy59f9bbofk9rxpdxjo5 > > > [2] https://nvd.nist.gov/vuln/detail/CVE-2022-25168 > > > [3] https://nvd.nist.gov/vuln/detail/CVE-2022-26612 > > > > > >
