[jira] [Created] (FLINK-36800) Upgrade hadoop-aws to avoid CVE-2019-14887

Fabian Paul (Jira) Tue, 26 Nov 2024 03:20:29 -0800

Fabian Paul created FLINK-36800:
-----------------------------------

             Summary: Upgrade hadoop-aws to avoid CVE-2019-14887
                 Key: FLINK-36800
                 URL: https://issues.apache.org/jira/browse/FLINK-36800
             Project: Flink
          Issue Type: Bug
          Components: Connectors / FileSystem
    Affects Versions: 2.0-preview, 1.19.1, 1.20.0, 1.18.1
            Reporter: Fabian Paul
            Assignee: Fabian Paul



wildfly-openssl is used as SSL provider by hadoop-aws.

 

Currently, Flink depends on hadoop-aws 3.3.4 including wildfly-openssl 1.0.7 
being vulnerable. We should update hadoop-aws to include a later version of the 
SSL provider.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (FLINK-36800) Upgrade hadoop-aws to avoid CVE-2019-14887

Reply via email to