[
https://issues.apache.org/jira/browse/FLINK-24025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17406085#comment-17406085
]
mixedfruit commented on FLINK-24025:
------------------------------------
bzip2 : CVE-2019-12900 and cve-2016-3189 from librocksdbjni-linux-ppc64le.so ,
librocksdbjni-linux64.so, librocksdbjni-osx.jnilib and librocksdbjni-linux32.so
> The components on which Flink depends may contain vulnerabilities. If yes,
> fix them.
> ------------------------------------------------------------------------------------
>
> Key: FLINK-24025
> URL: https://issues.apache.org/jira/browse/FLINK-24025
> Project: Flink
> Issue Type: Improvement
> Components: Build System
> Affects Versions: 1.11.3
> Reporter: mixedfruit
> Priority: Minor
>
> In Flink v1.11.3 contains netty(version:3.10.6)
> commons-compress(version:1.20) slf4j(version:1.7.15)
> cxf-rt-rs-json-basic(version:3.4.0) and bzip2(version:1.0.6). There are many
> vulnerabilities, like
> CVE-2020-13954,CVE-2021-22696,CVE-2021-30468,CVE-2018-8088,
> CVE-2021-21409,CVE-2021-35517 etc. please confirm these version and fix. thx
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
