[
https://issues.apache.org/jira/browse/FLINK-23542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martijn Visser updated FLINK-23542:
-----------------------------------
Description:
Checkstyle version < 8.29 are still vulnerable to XML External Entity (XXE)
Processing due to an incomplete fix for CVE-2019-9658.
{noformat}
Impact
User: Build Maintainers
This vulnerability probably doesn't impact Maven/Gradle users as, in most
cases, these builds are processing files that are trusted, or pre-vetted by a
pull request reviewer before being run on internal CI infrastructure.
{noformat}
was:
Checkstyle version < 8.29 are still vulnerable to XML External Entity (XXE)
Processing due to an incomplete fix for CVE-2019-9658.
```
Impact
User: Build Maintainers
This vulnerability probably doesn't impact Maven/Gradle users as, in most
cases, these builds are processing files that are trusted, or pre-vetted by a
pull request reviewer before being run on internal CI infrastructure.
```
> Upgrade Checkstyle to at least 8.29
> -----------------------------------
>
> Key: FLINK-23542
> URL: https://issues.apache.org/jira/browse/FLINK-23542
> Project: Flink
> Issue Type: Technical Debt
> Components: Build System
> Reporter: Martijn Visser
> Priority: Major
>
> Checkstyle version < 8.29 are still vulnerable to XML External Entity (XXE)
> Processing due to an incomplete fix for CVE-2019-9658.
> {noformat}
> Impact
> User: Build Maintainers
> This vulnerability probably doesn't impact Maven/Gradle users as, in most
> cases, these builds are processing files that are trusted, or pre-vetted by a
> pull request reviewer before being run on internal CI infrastructure.
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
