[jira] [Updated] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200

Robert Metzger (Jira) Fri, 23 Oct 2020 05:41:49 -0700


     [ 
https://issues.apache.org/jira/browse/FLINK-19784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Metzger updated FLINK-19784:
-----------------------------------
    Summary: Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200  (was: 
Upgrade okhttp to 3.13.0 or newer)

> Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200
> -------------------------------------------------------
>
>                 Key: FLINK-19784
>                 URL: https://issues.apache.org/jira/browse/FLINK-19784
>             Project: Flink
>          Issue Type: Task
>          Components: Runtime / Metrics
>    Affects Versions: 1.12.0, 1.11.2
>            Reporter: Till Rohrmann
>            Priority: Critical
>             Fix For: 1.12.0, 1.11.3
>
>
> A user reported a dependency vulnerability which affects {{okhttp}} [1]. We 
> should upgrade this dependency to {{3.13.0}} or newer. The dependency is used 
> by the datadog reporter.
> [1] 
> https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a%40%3Cuser.flink.apache.org%3E



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200

Reply via email to