[
https://issues.apache.org/jira/browse/FLINK-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348739#comment-16348739
]
ASF GitHub Bot commented on FLINK-8308:
---------------------------------------
Github user alpinegizmo commented on the issue:
https://github.com/apache/flink/pull/5395
It looks good, but I haven't tested it. I'm wondering what versions of Ruby
this has been tested with. At a minimum it needs to work with whatever version
we can get on the production build infrastructure, as well as 2.3 and 2.4,
since most developers will have one of those versions. And maybe 2.5, since
that's out now.
> Update yajl-ruby dependency to 1.3.1 or higher
> ----------------------------------------------
>
> Key: FLINK-8308
> URL: https://issues.apache.org/jira/browse/FLINK-8308
> Project: Flink
> Issue Type: Task
> Components: Project Website
> Reporter: Fabian Hueske
> Assignee: Steven Langbroek
> Priority: Critical
> Fix For: 1.5.0, 1.4.1
>
>
> We got notified that yajl-ruby < 1.3.1, a dependency which is used to build
> the Flink website, has a security vulnerability of high severity.
> We should update yajl-ruby to 1.3.1 or higher.
> Since the website is built offline and served as static HTML, I don't think
> this is a super critical issue (please correct me if I'm wrong), but we
> should resolve this soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
