nagasudhakar created FLINK-29654:
------------------------------------

Summary: Vulnerable libraries - Flink 1.15.2
Key: FLINK-29654
URL: https://issues.apache.org/jira/browse/FLINK-29654
Project: Flink
Issue Type: Bug
Components: Build System
Affects Versions: 1.15.2
Reporter: nagasudhakar

Hi, our organisation ran a security scan on the Flink-1.15.2 release and found the following vulnerable open source libraries being used:

JDOM 1.1
kryo 2.24.0
libnetty-3.9-java 3.9.0.Final
Netty Project 3.10.6.Final
Play 2.6.11
Apache Tika 1.28.1
Apache Avro 1.7.7
Apache Kafka 2.8.1

The recommended versions for these libraries are:

JDOM 2.0.2
kryo-5.5.0
libnetty-3.9-java 3.9.9.Final
Netty Project 5.0.0.Final
Play 2.8.16
Apache Tika 2.4.1
Apache Avro 1.8.2
Apache Kafka 2.8.2

--
This message was sent by Atlassian Jira (v8.20.10#820010)