[jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx

Mon, 26 Apr 2021 13:27:27 -0700 


    [ 
https://issues.apache.org/jira/browse/FLINK-22441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17332718#comment-17332718
 ] 

Austin Cawley-Edwards commented on FLINK-22441:
-----------------------------------------------

Adding the "drop Scala 2.11 support" ticket as a blocker, as Konstantin 
mentioned the current Akka lib is the root of this issue, and Akka cannot be 
upgraded until Scala 2.11 is dropped. If there's a more accurate ticket for the 
Akka upgrade, we can update the blocker.

> In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There 
> are many vulnerabilities, like CVE-2021-21409 etc. please confirm these 
> version and fix. thx
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: FLINK-22441
>                 URL: https://issues.apache.org/jira/browse/FLINK-22441
>             Project: Flink
>          Issue Type: Bug
>          Components: Runtime / Coordination
>    Affects Versions: 1.11.3, 1.12.2, 1.13.0
>            Reporter: 张健
>            Priority: Major
>
> In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There 
> are many vulnerabilities, like CVE-2021-21409 CVE-2021-21295 etc. please 
> confirm these version and fix. thx



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to