jbusche opened a new pull request, #436: URL: https://github.com/apache/flink-kubernetes-operator/pull/436
Signed-off-by: James Busche <[email protected]>

## What is the purpose of the change

The existing version 2.13.4 of jackson-databind has a high vulnerability (CVSS 7.5) that is fixed in 2.14.0
https://nvd.nist.gov/vuln/detail/CVE-2022-42003

## Brief change log

Bumping the version in the pom.xml and src/main/resources/META-INF/NOTICE

## Verifying this change

This change is already covered by existing tests, such as *(please describe tests)*.

- Successfully built new operator image from branch
- Twistlock security scan shows vulnerability no longer an issue.
- Tested new image on an OpenShift cluster, image worked as expected:

```
oc get pods
NAME                                         READY   STATUS    RESTARTS   AGE
basic-example-56876dc586-52g48               1/1     Running   0          2m40s
basic-example-taskmanager-1-1                1/1     Running   0          2m27s
flink-kubernetes-operator-7d5c7b77f7-69nhh   2/2     Running   0          11m
```

Also cleaned up and deployed it with helm and it looked good as well:

```
helm install flink-kubernetes-operator helm/flink-kubernetes-operator --set image.repository=docker.io/jimbdocker/flink-kubernetes-operator --set image.tag=flink-29853
kubectl create -f https://raw.githubusercontent.com/apache/flink-kubernetes-operator/release-1.2/examples/basic.yaml
oc get pods
NAME                                       READY   STATUS    RESTARTS   AGE
basic-example-56876dc586-8jhc2             1/1     Running   0          7m50s
basic-example-taskmanager-1-1              1/1     Running   0          7m39s
flink-kubernetes-operator-b77ddf85-rvddp   2/2     Running   0          8m46s
```

## Does this pull request potentially affect one of the following parts:

- Dependencies (does it add or upgrade a dependency): yes
- The public API, i.e., is any changes to the `CustomResourceDescriptors`: no
- Core observer or reconciler logic that is regularly executed: no

## Documentation

- Does this pull request introduce a new feature? no

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
