[jira] [Comment Edited] (FLINK-36593) Upgrade io.airlift:aircompressor to mitigate CVE

pshangle (Jira) Wed, 23 Oct 2024 05:31:38 -0700


    [ 
https://issues.apache.org/jira/browse/FLINK-36593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892134#comment-17892134
 ]


pshangle edited comment on FLINK-36593 at 10/23/24 12:28 PM:
-------------------------------------------------------------

[~tomncooper]  can i take up this issue if you are not working on this


was (Author: JIRAUSER307412):
[~tomncooper]  can i work on this issue

> Upgrade io.airlift:aircompressor to mitigate CVE
> ------------------------------------------------
>
>                 Key: FLINK-36593
>                 URL: https://issues.apache.org/jira/browse/FLINK-36593
>             Project: Flink
>          Issue Type: Improvement
>    Affects Versions: 2.0-preview
>            Reporter: Thomas Cooper
>            Priority: Major
>
> The current version of the aircompressor library (0.21), used in the 
> flink-runtime module, has a vulnerability: 
> [CVE-2024-36114](https://nvd.nist.gov/vuln/detail/CVE-2024-36114).
> This can be mitigated by upgrading to version 0.27 of the library.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (FLINK-36593) Upgrade io.airlift:aircompressor to mitigate CVE

Reply via email to