[jira] [Commented] (FLINK-36602) Upgrade Calcite version to 1.38.0

Sergey Nuyanzin (Jira) Tue, 16 Jun 2026 04:44:15 -0700


    [ 
https://issues.apache.org/jira/browse/FLINK-36602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18089364#comment-18089364
 ]


Sergey Nuyanzin commented on FLINK-36602:
-----------------------------------------

Merged as 
[8de3293e2d95dc3ed8dc78edfb7f7963dd56b9e7|https://github.com/apache/flink/commit/8de3293e2d95dc3ed8dc78edfb7f7963dd56b9e7]

> Upgrade Calcite version to 1.38.0
> ---------------------------------
>
>                 Key: FLINK-36602
>                 URL: https://issues.apache.org/jira/browse/FLINK-36602
>             Project: Flink
>          Issue Type: Improvement
>          Components: Table SQL / API
>    Affects Versions: 2.0-preview
>            Reporter: Thomas Cooper
>            Assignee: Sergey Nuyanzin
>            Priority: Major
>              Labels: pull-request-available
>
> The currently used Calcite version (1.32) has a high severity vulnerability 
> ([CVE-2023-1370|https://nvd.nist.gov/vuln/detail/CVE-2023-1370]). This can be 
> mitigated by upgrading to Calcite 1.37 or higher (which upgrades the 
> vulnerable json-path library). 
> As [1.38 has been 
> released|https://calcite.apache.org/news/2024/10/15/release-1.38.0/] we 
> should probably upgrade to that.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-36602) Upgrade Calcite version to 1.38.0

Reply via email to