[
https://issues.apache.org/jira/browse/FLINK-29341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martijn Visser closed FLINK-29341.
----------------------------------
Fix Version/s: (was: 1.13.6)
Resolution: Done
[~snathani406] This has already been addressed in Flink 1.15 via FLINK-24765.
You should update your Flink installation to a version that's still supported
by the community (Flink 1.14 and Flink 1.15 at this moment). In Flink 1.16 this
will even be 3.2.1 via FLINK-28060
> Upgrade Apache Kafka version to 2.6.3 to resolve CVE-2021-38153
> ---------------------------------------------------------------
>
> Key: FLINK-29341
> URL: https://issues.apache.org/jira/browse/FLINK-29341
> Project: Flink
> Issue Type: Bug
> Reporter: Sanjay Nathani
> Priority: Major
>
> The flink-connector-kafka module has Kafka as dependency being introduced
> from here
> [https://github.com/apache/flink/blob/release-1.13.6/flink-connectors/flink-connector-kafka/pom.xml]
> . The version of kafka is 2.4.1 which is vulnerable having CVE-2021-38153 .
> In order to remove this CVE kafka version should be upgraded to 2.6.3 as said
> here https://lists.apache.org/thread/7vrvjt7tm7m46txds3kt6bywd8vp5px0