[ https://issues.apache.org/jira/browse/FLINK-23542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17633830#comment-17633830 ]

Martijn Visser commented on FLINK-23542:
----------------------------------------

[~samrat007] Could you list what would be the extra benefits of upgrading to 
the new checkstyle version? Because it would require that all current Flink 
developers update their workflow, we should at least make clear what are the 
benefits of the upgrade before spending time on it.

> Upgrade Checkstyle to at least 8.29
> -----------------------------------
>
>                 Key: FLINK-23542
>                 URL: https://issues.apache.org/jira/browse/FLINK-23542
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: Build System
>            Reporter: Martijn Visser
>            Priority: Not a Priority
>              Labels: auto-deprioritized-minor, pull-request-available
>
> Checkstyle versions < 8.29 are still vulnerable to XML External Entity (XXE) 
> Processing due to an incomplete fix for CVE-2019-9658.
> {noformat}
> Impact
> User: Build Maintainers
> This vulnerability probably doesn't impact Maven/Gradle users as, in most 
> cases, these builds are processing files that are trusted, or pre-vetted by a 
> pull request reviewer before being run on internal CI infrastructure.
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
