[jira] [Commented] (FLINK-8308) Update yajl-ruby dependency to 1.3.1 or higher

ASF GitHub Bot (JIRA) Wed, 31 Jan 2018 14:22:30 -0800

    [ 
https://issues.apache.org/jira/browse/FLINK-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16347693#comment-16347693
 ]


ASF GitHub Bot commented on FLINK-8308:
---------------------------------------

Github user uce commented on the issue:

    https://github.com/apache/flink/pull/5395
  
    
https://ci.apache.org/builders/flink-docs-master/builds/977/steps/Flink%20docs/logs/stdio
 says
    ```
    Ruby version:
    ruby 2.0.0p384 (2014-01-12) [x86_64-linux-gnu]
    ```
    
    I can ask INFRA whether it is possible to run a more recent Ruby version.



> Update yajl-ruby dependency to 1.3.1 or higher
> ----------------------------------------------
>
>                 Key: FLINK-8308
>                 URL: https://issues.apache.org/jira/browse/FLINK-8308
>             Project: Flink
>          Issue Type: Task
>          Components: Project Website
>            Reporter: Fabian Hueske
>            Assignee: Steven Langbroek
>            Priority: Critical
>             Fix For: 1.5.0, 1.4.1
>
>
> We got notified that yajl-ruby < 1.3.1, a dependency which is used to build 
> the Flink website, has a  security vulnerability of high severity.
> We should update yajl-ruby to 1.3.1 or higher.
> Since the website is built offline and served as static HTML, I don't think 
> this is a super critical issue (please correct me if I'm wrong), but we 
> should resolve this soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (FLINK-8308) Update yajl-ruby dependency to 1.3.1 or higher

Reply via email to