[
https://issues.apache.org/jira/browse/FLINK-31789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17711954#comment-17711954
]
Morey Straus commented on FLINK-31789:
--------------------------------------
This is coming from a Black Duck BA scan. It is part of an image but that
image doesn't include axel. However, it could well be a false positive. The
scanner indicates that it is bring brought in by way of gettext. I am
attempting to verify with my colleague.
> Update axel to current
> ----------------------
>
> Key: FLINK-31789
> URL: https://issues.apache.org/jira/browse/FLINK-31789
> Project: Flink
> Issue Type: Technical Debt
> Affects Versions: 1.17.0
> Reporter: Morey Straus
> Priority: Major
> Labels: security
>
> Flink is shipping with version 2.6, which contains CVE-2020-13614. This was
> fixed in 2.17.8.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
