[
https://issues.apache.org/jira/browse/FLINK-33408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17781277#comment-17781277
]
Zhou Shijie commented on FLINK-33408:
-------------------------------------
[FLINK-31815|https://issues.apache.org/jira/browse/FLINK-31815] fixed the
container vulnerability from the operator side. However, we still pull the old
snakeyaml for Flink standalone due to the old Flink fabric8 usage, and it
hasn't been fixed as part of
[FLINK-31997|https://issues.apache.org/jira/browse/FLINK-31997]. So I will fix
it in this issue.
> Fixing the container vulnerability by upgrading the SnakeYaml Maven dependency
> in flink-kubernetes module.
> --------------------------------------------------------------------------------------------------------
>
> Key: FLINK-33408
> URL: https://issues.apache.org/jira/browse/FLINK-33408
> Project: Flink
> Issue Type: Improvement
> Components: Deployment / Kubernetes
> Reporter: Zhou Shijie
> Priority: Major
> Fix For: 1.18.0
>
>
> _Fix the container vulnerability in
> [CVE-2022-1471|https://github.com/advisories/GHSA-mjmj-j48q-9wg2] by upgrading
> the SnakeYaml Maven dependency in the flink-kubernetes module._
> Upgrade the Kubernetes Client from 6.6.2 to 6.7.0, thereby upgrading the
> version of snakeyaml, which the Kubernetes Client indirectly depends on, from
> 1.33 to 2.0.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
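
One way to confirm that the client upgrade described in this issue actually removes the pre-2.0 snakeyaml from a build is to scan `mvn dependency:tree` output and report which dependency chain pulls it in. This is an added example, not code from the Flink project; the sample tree, its `com.example` root and the intermediate artifacts in the chain are constructed for illustration.

```python
import re

# Constructed sample of `mvn dependency:tree` output (not taken from the Flink build).
# The root project and the intermediate artifact in the chain are illustrative.
SAMPLE_TREE = """\
[INFO] com.example:demo-app:jar:1.0
[INFO] +- io.fabric8:kubernetes-client:jar:6.6.2:compile
[INFO] |  \\- io.fabric8:kubernetes-client-api:jar:6.6.2:compile
[INFO] |     \\- org.yaml:snakeyaml:jar:1.33:compile
[INFO] \\- org.slf4j:slf4j-api:jar:1.7.36:provided
"""

# Tree-drawing prefix ("+- ", "|  ", "\- ") followed by colon-separated coordinates.
LINE = re.compile(r"^\[INFO\] (?P<indent>[ |+\\-]*)(?P<coord>[\w.\-]+(?::[\w.\-]+)+)\s*$")


def version_tuple(version):
    """'1.33' -> (1, 33); pads to two fields so '2' compares equal to '2.0'."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:2]]
    return tuple(nums + [0] * (2 - len(nums)))


def find_old_snakeyaml(tree_text, minimum=(2, 0)):
    """Return [(version, ancestor_chain)] for every snakeyaml below `minimum`."""
    stack, findings = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner, plugin and summary lines are not coordinates
        depth = len(m["indent"]) // 3  # each tree level is three characters wide
        parts = m["coord"].split(":")
        # Dependencies end in version:scope; the root project ends in version.
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(f"{parts[0]}:{parts[1]}:{version}")
        if parts[:2] == ["org.yaml", "snakeyaml"] and version_tuple(version) < minimum:
            findings.append((version, list(stack[:-1])))
    return findings


if __name__ == "__main__":
    for version, chain in find_old_snakeyaml(SAMPLE_TREE):
        print(f"snakeyaml {version} pulled in via: " + " -> ".join(chain))
```

Feeding it the real output of `mvn dependency:tree` for the module before and after the client upgrade shows whether any other dependency still brings in an older snakeyaml.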