APA created FLINK-35282:
---------------------------
Summary: Support for Apache Beam > 2.49
Key: FLINK-35282
URL: https://issues.apache.org/jira/browse/FLINK-35282
Project: Flink
Issue Type: Improvement
Reporter: APA
>From what I see PyFlink still has the requirement of Apache Beam => 2.43.0 and
><= 2.49.0 which subsequently results in a requirement of PyArrow <= 12.0.0.
>That keeps us exposed to [https://nvd.nist.gov/vuln/detail/CVE-2023-47248]
I'm not deep enough familiar with the PyFlink code base to understand why
Apache Beam's upper dependency limit can't be lifted. From all the existing
issues I haven't seen one addressing this. Therefore I created one now.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
