[jira] [Updated] (FLINK-16356) Some dependencies contain CVEs
[ https://issues.apache.org/jira/browse/FLINK-16356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Flink Jira Bot updated FLINK-16356:
---
Labels: auto-deprioritized-major auto-deprioritized-minor (was: auto-deprioritized-major stale-minor)
Priority: Not a Priority (was: Minor)

This issue was labeled "stale-minor" 7 days ago and has not received any updates so it is being deprioritized. If this ticket is actually Minor, please raise the priority and ask a committer to assign you the issue or revive the public discussion.

> Some dependencies contain CVEs
> --
>
> Key: FLINK-16356
> URL: https://issues.apache.org/jira/browse/FLINK-16356
> Project: Flink
> Issue Type: Bug
> Components: Build System
> Reporter: XuCongying
> Priority: Not a Priority
> Labels: auto-deprioritized-major, auto-deprioritized-minor
> Attachments: apache-flink_CVE-report.md
>
>
> I found your project used some dependencies that contain CVEs. To prevent potential risk it may cause, I suggest a library update. The following is a detailed content.
>
> Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.7.0
> CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
> Import Path: flink-metrics/flink-metrics-datadog/pom.xml, flink-end-to-end-tests/flink-end-to-end-tests-common/pom.xml, flink-end-to-end-tests/flink-metrics-reporter-prometheus-test/pom.xml, flink-runtime/pom.xml
> Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
> Vulnerable Library Version: com.google.guava : guava : 18.0
> CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
> Import Path: flink-connectors/flink-connector-kinesis/pom.xml, flink-connectors/flink-connector-cassandra/pom.xml
> Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 1.2.1
> CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 2.0.0
> CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 1.1.0
> CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 2.1.1
> CVE ID: [CVE-2017-12625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12625), [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 1.0.1
> CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
> Vulnerable Library Version: org.apache.hive : hive-exec : 2.2.0
> CVE ID: [CVE-2017-12625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12625), [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777),
[jira] [Updated] (FLINK-16356) Some dependencies contain CVEs
[ https://issues.apache.org/jira/browse/FLINK-16356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Flink Jira Bot updated FLINK-16356:
---
Labels: auto-deprioritized-major stale-minor (was: auto-deprioritized-major)

I am the [Flink Jira Bot|https://github.com/apache/flink-jira-bot/] and I help the community manage its development. I see this issue has been marked as Minor but is unassigned and neither itself nor its Sub-Tasks have been updated for 180 days. I have gone ahead and marked it "stale-minor". If this ticket is still Minor, please either assign yourself or give an update. Afterwards, please remove the label or in 7 days the issue will be deprioritized.

> Some dependencies contain CVEs
> --
>
> Key: FLINK-16356
> URL: https://issues.apache.org/jira/browse/FLINK-16356
> Project: Flink
> Issue Type: Bug
> Components: Build System
> Reporter: XuCongying
> Priority: Minor
> Labels: auto-deprioritized-major, stale-minor
> Attachments: apache-flink_CVE-report.md
>
>
> I found your project used some dependencies that contain CVEs. To prevent potential risk it may cause, I suggest a library update. The following is a detailed content.
[jira] [Updated] (FLINK-16356) Some dependencies contain CVEs
[ https://issues.apache.org/jira/browse/FLINK-16356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Flink Jira Bot updated FLINK-16356:
---
Labels: auto-deprioritized-major (was: stale-major)
Priority: Minor (was: Major)

This issue was labeled "stale-major" 7 days ago and has not received any updates so it is being deprioritized. If this ticket is actually Major, please raise the priority and ask a committer to assign you the issue or revive the public discussion.

> Some dependencies contain CVEs
> --
>
> Key: FLINK-16356
> URL: https://issues.apache.org/jira/browse/FLINK-16356
> Project: Flink
> Issue Type: Bug
> Components: Build System
> Reporter: XuCongying
> Priority: Minor
> Labels: auto-deprioritized-major
> Attachments: apache-flink_CVE-report.md
>
>
> I found your project used some dependencies that contain CVEs. To prevent potential risk it may cause, I suggest a library update. The following is a detailed content.
>
> Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.7.0
> CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
> Import Path: flink-metrics/flink-metrics-datadog/pom.xml, flink-end-to-end-tests/flink-end-to-end-tests-common/pom.xml, flink-end-to-end-tests/flink-metrics-reporter-prometheus-test/pom.xml, flink-runtime/pom.xml
> Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
> Vulnerable Library Version: com.google.guava : guava : 18.0
> CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
> Import Path: flink-connectors/flink-connector-kinesis/pom.xml, flink-connectors/flink-connector-cassandra/pom.xml
> Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre,
[jira] [Updated] (FLINK-16356) Some dependencies contain CVEs
[ https://issues.apache.org/jira/browse/FLINK-16356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Flink Jira Bot updated FLINK-16356:
---
Labels: stale-major (was: )

I am the [Flink Jira Bot|https://github.com/apache/flink-jira-bot/] and I help the community manage its development. I see this issue has been marked as Major but is unassigned and neither itself nor its Sub-Tasks have been updated for 30 days. I have gone ahead and added a "stale-major" to the issue. If this ticket is a Major, please either assign yourself or give an update. Afterwards, please remove the label or in 7 days the issue will be deprioritized.

> Some dependencies contain CVEs
> --
>
> Key: FLINK-16356
> URL: https://issues.apache.org/jira/browse/FLINK-16356
> Project: Flink
> Issue Type: Bug
> Components: Build System
> Reporter: XuCongying
> Priority: Major
> Labels: stale-major
> Attachments: apache-flink_CVE-report.md
>
>
> I found your project used some dependencies that contain CVEs. To prevent potential risk it may cause, I suggest a library update. The following is a detailed content.
[jira] [Updated] (FLINK-16356) Some dependencies contain CVEs
[ https://issues.apache.org/jira/browse/FLINK-16356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chesnay Schepler updated FLINK-16356:
-
Component/s: Build System

> Some dependencies contain CVEs
> --
>
> Key: FLINK-16356
> URL: https://issues.apache.org/jira/browse/FLINK-16356
> Project: Flink
> Issue Type: Bug
> Components: Build System
> Reporter: XuCongying
> Priority: Major
> Attachments: apache-flink_CVE-report.md
>
>
> I found your project used some dependencies that contain CVEs. To prevent potential risk it may cause, I suggest a library update. The following is a detailed content.
>
> Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.7.0
> CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
> Import Path: flink-metrics/flink-metrics-datadog/pom.xml, flink-end-to-end-tests/flink-end-to-end-tests-common/pom.xml, flink-end-to-end-tests/flink-metrics-reporter-prometheus-test/pom.xml, flink-runtime/pom.xml
> Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
> Vulnerable Library Version: com.google.guava : guava : 18.0
> CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
> Import Path: flink-connectors/flink-connector-kinesis/pom.xml, flink-connectors/flink-connector-cassandra/pom.xml
> Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 1.2.1
> CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 2.0.0
> CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 1.1.0
> CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 2.1.1
> CVE ID: [CVE-2017-12625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12625), [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 1.0.1
> CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
> Vulnerable Library Version: org.apache.hive : hive-exec : 2.2.0
> CVE ID: [CVE-2017-12625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12625), [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
> Import Path: flink-connectors/flink-connector-hive/pom.xml
> Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>
> Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 0.11.0.2
> CVE ID: [CVE-2018-1288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288), [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
> Import Path:
[jira] [Updated] (FLINK-16356) Some dependencies contain CVEs
[ https://issues.apache.org/jira/browse/FLINK-16356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

XuCongying updated FLINK-16356:
---
Attachment: apache-flink_CVE-report.md

> Some dependencies contain CVEs
> --
>
> Key: FLINK-16356
> URL: https://issues.apache.org/jira/browse/FLINK-16356
> Project: Flink
> Issue Type: Bug
> Reporter: XuCongying
> Priority: Major
> Attachments: apache-flink_CVE-report.md
>
>
> I found your project used some dependencies that contain CVEs. To prevent potential risk it may cause, I suggest a library update. The following is a detailed content.
>
> Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.7.0
> CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
> Import Path: flink-metrics/flink-metrics-datadog/pom.xml, flink-end-to-end-tests/flink-end-to-end-tests-common/pom.xml, flink-end-to-end-tests/flink-metrics-reporter-prometheus-test/pom.xml, flink-runtime/pom.xml
> Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
> Vulnerable Library Version: com.google.guava : guava : 18.0
> CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
> Import Path: flink-connectors/flink-connector-kinesis/pom.xml, flink-connectors/flink-connector-cassandra/pom.xml
> Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
>
> Vulnerable Library Version: org.apache.hive : hive-exec : 1.2.1
> CVE ID: