Maximilian Michels created FLINK-4732:
-----------------------------------------

             Summary: Maven junction plugin security threat
                 Key: FLINK-4732
                 URL: https://issues.apache.org/jira/browse/FLINK-4732
             Project: Flink
          Issue Type: Bug
          Components: Build System
            Reporter: Maximilian Michels
            Assignee: Maximilian Michels
            Priority: Critical
             Fix For: 1.2.0, 1.1.3


We use the Maven Junction plugin 
http://pyx4j.com/pyx4j-maven-plugins/maven-junction-plugin/introduction.html to 
create a symbolic link to the build directory. On Windows, the plugin downloads 
an executable from the author's homepage which may contain vulnerable code. The 
plugin has not been updated since 2007.

I propose to remove the plugin while this security threat persists.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
