[ https://issues.apache.org/jira/browse/FLINK-29710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ASF GitHub Bot updated FLINK-29710: ----------------------------------- Labels: pull-request-available (was: ) > Upgrade the minimal supported hadoop version to 2.10.2 > ------------------------------------------------------ > > Key: FLINK-29710 > URL: https://issues.apache.org/jira/browse/FLINK-29710 > Project: Flink > Issue Type: Technical Debt > Components: FileSystems > Reporter: Martijn Visser > Assignee: Martijn Visser > Priority: Major > Labels: pull-request-available > > Hadoop 2.8.5 is vulnerable for multiple CVEs such as > https://nvd.nist.gov/vuln/detail/CVE-2022-25168 and > https://nvd.nist.gov/vuln/detail/CVE-2022-26612 which are classified as > Critical. While Flink is not directly impacted by those, we do see > vulnerability scanners flag Flink as being vulnerable. We could easily > mitigate that by bumping the minimal supported version of Hadoop to 2.10.2. > Please note that this doesn't break the binary protocol compatibility, which > means that 2.10.2 client can still talk to older servers. > Discussion thread: > https://lists.apache.org/thread/tgw2dmnoxm7sdwyjohskmvpk3pdd3qvm -- This message was sent by Atlassian Jira (v8.20.10#820010)