[
https://issues.apache.org/jira/browse/FLINK-21411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
dgbro updated FLINK-21411:
--------------------------
Description: In Flink v1.11.3 contains mesos(version: 1.0.1)
okhttp(version: 3.7.0) log4j(version:2.12.1) netty(version:3.10.6)
jackson-databind(2.10.1) jackson(version:2.10.1) and bzip2(version:1.0.6).
There are many vulnerabilities, like
CVE-2017-7687,CVE-2017-9790,CVE-2018-8023,CVE-2018-20200,CVE-2020-9488,CVE-2019-20444,CVE-2019-20445,CVE-2019-16869,CVE-2020-25649,CVE-2020-25649,CVE-2019-12900,CVE-2016-3189,CVE-2018-8088
etc. please confirm these version and fix. thx (was: In Flink v1.11.3
contains mesos(version: 1.0.1) okhttp(version: 3.7.0) log4j(version:2.12.1)
netty(version:3.10.6) jackson-databind(2.10.1) jackson(version:2.10.1) and
bzip2(version:1.0.6). There are many vulnerabilities, like
CVE-2017-7687,CVE-2017-9790,CVE-2018-8023,CVE-2018-20200,CVE-2020-9488,CVE-2019-20444,CVE-2019-20445,CVE-2019-16869,CVE-2020-25649,CVE-2020-25649,CVE-2019-12900,CVE-2016-3189
etc. please confirm these version and fix. thx)
> The components on which Flink depends may contain vulnerabilities. If yes,
> fix them.
> ------------------------------------------------------------------------------------
>
> Key: FLINK-21411
> URL: https://issues.apache.org/jira/browse/FLINK-21411
> Project: Flink
> Issue Type: Improvement
> Reporter: dgbro
> Priority: Major
>
> In Flink v1.11.3 contains mesos(version: 1.0.1) okhttp(version: 3.7.0)
> log4j(version:2.12.1) netty(version:3.10.6) jackson-databind(2.10.1)
> jackson(version:2.10.1) and bzip2(version:1.0.6). There are many
> vulnerabilities, like
> CVE-2017-7687,CVE-2017-9790,CVE-2018-8023,CVE-2018-20200,CVE-2020-9488,CVE-2019-20444,CVE-2019-20445,CVE-2019-16869,CVE-2020-25649,CVE-2020-25649,CVE-2019-12900,CVE-2016-3189,CVE-2018-8088
> etc. please confirm these version and fix. thx
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
