[
https://issues.apache.org/jira/browse/FLINK-7982?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chesnay Schepler closed FLINK-7982.
-----------------------------------
Resolution: Invalid
It appears as if all of our commons-configuration dependencies are reliant on
Hadoop. Our filesystems that use hadoop3 accordingly use 2.1, and all other
places use whatever Hadoop provides.
As such I'm closing this issue for the time being.
2.2-2.6 also have a critical
[CVE|https://nvd.nist.gov/vuln/detail/CVE-2020-1953] so it's not really an
option to use those anyway.
> Bump commons-configuration to 2.2
> ---------------------------------
>
> Key: FLINK-7982
> URL: https://issues.apache.org/jira/browse/FLINK-7982
> Project: Flink
> Issue Type: Improvement
> Components: Build System
> Affects Versions: 1.4.0
> Reporter: Hai Zhou
> Assignee: Hai Zhou
> Priority: Major
>
> Currently the dependency
> {{org.apache.commons:commons-configuration (version:1.7, Sep, 2011)}},
> update to
> {{org.apache.commons: commons-configuration2: 2.2}}
> Reference hadoop:
> [Hadoop Commom: HADOOP-14648 - Bump commons-configuration2 to
> 2.1.1|https://issues.apache.org/jira/browse/HADOOP-14648]
> [Hadoop Common: HADOOP-13660 - Upgrade commons-configuration version to
> 2.1|https://issues.apache.org/jira/browse/HADOOP-13660]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
