[ 
https://issues.apache.org/jira/browse/FLINK-29710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ASF GitHub Bot updated FLINK-29710:
-----------------------------------
    Labels: pull-request-available  (was: )

> Upgrade the minimal supported hadoop version to 2.10.2
> ------------------------------------------------------
>
>                 Key: FLINK-29710
>                 URL: https://issues.apache.org/jira/browse/FLINK-29710
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: FileSystems
>            Reporter: Martijn Visser
>            Assignee: Martijn Visser
>            Priority: Major
>              Labels: pull-request-available
>
> Hadoop 2.8.5 is vulnerable to multiple CVEs such as 
> https://nvd.nist.gov/vuln/detail/CVE-2022-25168 and 
> https://nvd.nist.gov/vuln/detail/CVE-2022-26612 which are classified as 
> Critical. While Flink is not directly impacted by those, we do see 
> vulnerability scanners flag Flink as being vulnerable. We could easily 
> mitigate that by bumping the minimal supported version of Hadoop to 2.10.2.
> Please note that this doesn't break the binary protocol compatibility, which 
> means that a 2.10.2 client can still talk to older servers.
> Discussion thread: 
> https://lists.apache.org/thread/tgw2dmnoxm7sdwyjohskmvpk3pdd3qvm



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
