[
https://issues.apache.org/jira/browse/FLINK-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348251#comment-16348251
]
ASF GitHub Bot commented on FLINK-8308:
---------------------------------------
Github user StevenLangbroek commented on the issue:
https://github.com/apache/flink/pull/5395
[Ruby 2.0.0 support
status](https://www.ruby-lang.org/en/news/2016/02/24/support-plan-of-ruby-2-0-0-and-2-1/)
> As it has been announced before, all support for Ruby 2.0.0 has ended
today *(note: february 2016)*. Bug and security fixes from more recent Ruby
versions will no longer be backported to 2.0.0, and no further patch release of
2.0.0 will be released.
Running old software is always a security risk.
> Update yajl-ruby dependency to 1.3.1 or higher
> ----------------------------------------------
>
> Key: FLINK-8308
> URL: https://issues.apache.org/jira/browse/FLINK-8308
> Project: Flink
> Issue Type: Task
> Components: Project Website
> Reporter: Fabian Hueske
> Assignee: Steven Langbroek
> Priority: Critical
> Fix For: 1.5.0, 1.4.1
>
>
> We got notified that yajl-ruby < 1.3.1, a dependency which is used to build
> the Flink website, has a security vulnerability of high severity.
> We should update yajl-ruby to 1.3.1 or higher.
> Since the website is built offline and served as static HTML, I don't think
> this is a super critical issue (please correct me if I'm wrong), but we
> should resolve this soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
