Maximilian Michels created FLINK-4732: -----------------------------------------
Summary: Maven junction plugin security threat Key: FLINK-4732 URL: https://issues.apache.org/jira/browse/FLINK-4732 Project: Flink Issue Type: Bug Components: Build System Reporter: Maximilian Michels Assignee: Maximilian Michels Priority: Critical Fix For: 1.2.0, 1.1.3 We use the Maven Junction plugin http://pyx4j.com/pyx4j-maven-plugins/maven-junction-plugin/introduction.html to create a symbolic link to the build directory. On Windows, the plugin downloads an executable from the author's homepage which may contain vulnerable code. The plugin has not been updated since 2007. I propose to remove the plugin while this security threat persists. -- This message was sent by Atlassian JIRA (v6.3.4#6332)