[ https://issues.apache.org/jira/browse/FLINK-24025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17406085#comment-17406085 ]

mixedfruit commented on FLINK-24025:
------------------------------------

bzip2: CVE-2019-12900 and CVE-2016-3189 from librocksdbjni-linux-ppc64le.so, librocksdbjni-linux64.so, librocksdbjni-osx.jnilib and librocksdbjni-linux32.so

> The components on which Flink depends may contain vulnerabilities. If yes, fix them.
> ------------------------------------------------------------------------------------
>
> Key: FLINK-24025
> URL: https://issues.apache.org/jira/browse/FLINK-24025
> Project: Flink
> Issue Type: Improvement
> Components: Build System
> Affects Versions: 1.11.3
> Reporter: mixedfruit
> Priority: Minor
>
> In Flink v1.11.3 contains netty(version:3.10.6) commons-compress(version:1.20) slf4j(version:1.7.15) cxf-rt-rs-json-basic(version:3.4.0) and bzip2(version:1.0.6). There are many vulnerabilities, like CVE-2020-13954, CVE-2021-22696, CVE-2021-30468, CVE-2018-8088, CVE-2021-21409, CVE-2021-35517 etc. please confirm these version and fix. thx

--
This message was sent by Atlassian Jira
(v8.3.4#803005)