[jira] [Commented] (FLINK-24025) The components on which Flink depends may contain vulnerabilities. If yes, fix them.

Chesnay Schepler (Jira) Sat, 28 Aug 2021 01:14:06 -0700


    [ 
https://issues.apache.org/jira/browse/FLINK-24025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17406150#comment-17406150
 ]


Chesnay Schepler commented on FLINK-24025:
------------------------------------------

I see; that issue may be fixed in 1.14.0.

> The components on which Flink depends may contain vulnerabilities. If yes, 
> fix them.
> ------------------------------------------------------------------------------------
>
>                 Key: FLINK-24025
>                 URL: https://issues.apache.org/jira/browse/FLINK-24025
>             Project: Flink
>          Issue Type: Improvement
>          Components: Build System
>    Affects Versions: 1.11.3
>            Reporter: mixedfruit
>            Priority: Minor
>
> In Flink v1.11.3 contains netty(version:3.10.6) 
> commons-compress(version:1.20) slf4j(version:1.7.15) 
> cxf-rt-rs-json-basic(version:3.4.0) and bzip2(version:1.0.6). There are many 
> vulnerabilities, like 
> CVE-2020-13954,CVE-2021-22696,CVE-2021-30468,CVE-2018-8088, 
> CVE-2021-21409,CVE-2021-35517 etc. please confirm these version and fix. thx



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (FLINK-24025) The components on which Flink depends may contain vulnerabilities. If yes, fix them.

Reply via email to