[jira] [Updated] (FLINK-35282) PyFlink Support for Apache Beam > 2.49

Martijn Visser (Jira) Thu, 02 May 2024 02:59:03 -0700


     [ 
https://issues.apache.org/jira/browse/FLINK-35282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martijn Visser updated FLINK-35282:
-----------------------------------
    Priority: Major  (was: Blocker)

> PyFlink Support for Apache Beam > 2.49
> --------------------------------------
>
>                 Key: FLINK-35282
>                 URL: https://issues.apache.org/jira/browse/FLINK-35282
>             Project: Flink
>          Issue Type: Improvement
>            Reporter: APA
>            Priority: Major
>
> From what I see PyFlink still has the requirement of Apache Beam => 2.43.0 
> and <= 2.49.0 which subsequently results in a requirement of PyArrow <= 
> 12.0.0. That keeps us exposed to 
> [https://nvd.nist.gov/vuln/detail/CVE-2023-47248]
> I'm not deep enough familiar with the PyFlink code base to understand why 
> Apache Beam's upper dependency limit can't be lifted. From all the existing 
> issues I haven't seen one addressing this. Therefore I created one now. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (FLINK-35282) PyFlink Support for Apache Beam > 2.49

Reply via email to