[
https://issues.apache.org/jira/browse/FLINK-36510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17895163#comment-17895163
]
Grace Grimwood commented on FLINK-36510:
----------------------------------------
I've double-checked the flink-shaded version used by Flink 1.19 and it's still
bundling Netty 4.1.91.Final, which is the same that's used in Flink 1.20. I've
opened PR [#25603|https://github.com/apache/flink/pull/25603] to backport to
1.19.
> Upgrade Pekko from 1.0.1 to 1.1.2
> ---------------------------------
>
> Key: FLINK-36510
> URL: https://issues.apache.org/jira/browse/FLINK-36510
> Project: Flink
> Issue Type: Technical Debt
> Components: Runtime / Coordination
> Affects Versions: 1.20.0, 1.19.1, 2.0-preview
> Reporter: Grace Grimwood
> Assignee: Grace Grimwood
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.0.0, 1.20.1
>
>
> Updates Pekko dependency to 1.1.2 which in turn upgrades Netty 3 to 4
> (addressing FLINK-29065 and removing several CVEs from Flink). Pekko 1.1 also
> upgrades other dependencies such as slf4j and Jackson. For more details see
> the [Pekko 1.1 release
> notes|https://pekko.apache.org/docs/pekko/current/release-notes/releases-1.1.html].