[
https://issues.apache.org/jira/browse/FLINK-10007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Flink Jira Bot updated FLINK-10007:
-----------------------------------
Labels: auto-deprioritized-critical auto-deprioritized-major stale-minor
(was: auto-deprioritized-critical auto-deprioritized-major)
I am the [Flink Jira Bot|https://github.com/apache/flink-jira-bot/] and I help
the community manage its development. I see this issues has been marked as
Minor but is unassigned and neither itself nor its Sub-Tasks have been updated
for 180 days. I have gone ahead and marked it "stale-minor". If this ticket is
still Minor, please either assign yourself or give an update. Afterwards,
please remove the label or in 7 days the issue will be deprioritized.
> Security vulnerability in website build infrastructure
> ------------------------------------------------------
>
> Key: FLINK-10007
> URL: https://issues.apache.org/jira/browse/FLINK-10007
> Project: Flink
> Issue Type: Bug
> Components: Project Website
> Reporter: Fabian Hueske
> Priority: Minor
> Labels: auto-deprioritized-critical, auto-deprioritized-major,
> stale-minor
>
> We've got a notification from Apache INFRA about a potential security
> vulnerability:
> {quote}
> We found a potential security vulnerability in a repository for which you
> have been granted security alert access.
> @apache apache/flink-web
> Known high severity security vulnerability detected in yajl-ruby < 1.3.1
> defined in Gemfile.
> Gemfile update suggested: yajl-ruby ~> 1.3.1.
> {quote}
> This is a problem with the build environment of the website, i.e., this
> dependency is not distributed or executed with Flink but only run when the
> website is updated.
> Nonetheless, we should of course update the dependency.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
