[
https://issues.apache.org/jira/browse/FLINK-39191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated FLINK-39191:
-----------------------------------
Labels: pull-request-available (was: )
> Upgrade monaco-editor to 0.55.1 to get rid of DOMPurify CVEs
> ------------------------------------------------------------
>
> Key: FLINK-39191
> URL: https://issues.apache.org/jira/browse/FLINK-39191
> Project: Flink
> Issue Type: Bug
> Reporter: Yaroslav
> Priority: Major
> Labels: pull-request-available
>
> Currently Flink uses monaco-editor version 0.31.1, which seems to depend
> on DOMPurify version 2.3.1, which is vulnerable to CVE-2024-48910,
> CVE-2024-45801, CVE-2024-47875 and CVE-2025-26791.
> The latest monaco-editor release, 0.55.1, uses DOMPurify version 3.2.7,
> which is not vulnerable to any of those CVEs.