This is an automated email from the ASF dual-hosted git repository. martijnvisser pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/flink-web.git
commit 2802035a33bcd3049e56cd046edd6a48c8fdbf90 Author: Martijn Visser <mvis...@confluent.io> AuthorDate: Tue Sep 19 12:53:35 2023 +0200 Rebuild website --- .../index.html | 15 +++++++++++++++ content/security/index.html | 12 ++++++++++++ content/zh/security/index.html | 12 ++++++++++++ 3 files changed, 39 insertions(+) diff --git a/content/2023/09/19/stateful-functions-3.3.0-release-announcement/index.html b/content/2023/09/19/stateful-functions-3.3.0-release-announcement/index.html index 308e1d295..268d8cd2a 100644 --- a/content/2023/09/19/stateful-functions-3.3.0-release-announcement/index.html +++ b/content/2023/09/19/stateful-functions-3.3.0-release-announcement/index.html @@ -890,6 +890,7 @@ https://github.com/alex-shpak/hugo-book <ul> <li><a href="#new-features">New Features</a> <ul> + <li><a href="#fixed-cve-2023-41834">Fixed CVE-2023-41834</a></li> <li><a href="#upgraded-flink-dependency-to-1162">Upgraded Flink dependency to 1.16.2</a></li> </ul> </li> @@ -942,6 +943,19 @@ or <a href="https://issues.apache.org/jira/browse/FLINK">JIRA</a>!</p> New Features <a class="anchor" href="#new-features">#</a> </h2> +<h3 id="fixed-cve-2023-41834"> + Fixed CVE-2023-41834 + <a class="anchor" href="#fixed-cve-2023-41834">#</a> +</h3> +<p>Stateful Functions versions 3.1.0, 3.1.1 and 3.2.0 allowed HTTP header +injection due to Improper Neutralization of CRLF Sequences. Attackers could +potentially inject malicious content into the HTTP response that is +sent to the user. This could include injecting a fake login form or +other phishing content, or injecting malicious JavaScript code that +can steal user credentials or perform other malicious actions on the +user’s behalf.</p> +<p>Stateful Functions 3.3.0 has fixed this security vulnerability. More details can be found on the +<a href="/security/">Security</a> page.</p> <h3 id="upgraded-flink-dependency-to-1162"> Upgraded Flink dependency to 1.16.2 <a class="anchor" href="#upgraded-flink-dependency-to-1162">#</a> 
@@ -1005,6 +1019,7 @@ for a detailed list of changes and new features if you plan to upgrade your setu <ul> <li><a href="#new-features">New Features</a> <ul> + <li><a href="#fixed-cve-2023-41834">Fixed CVE-2023-41834</a></li> <li><a href="#upgraded-flink-dependency-to-1162">Upgraded Flink dependency to 1.16.2</a></li> </ul> </li> diff --git a/content/security/index.html b/content/security/index.html index db83026fe..07f74e89f 100644 --- a/content/security/index.html +++ b/content/security/index.html @@ -984,6 +984,18 @@ under the License. Users are advised to upgrade to Flink 1.11.3 or 1.12.0 or later versions. </td> </tr> + <tr> + <td> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41834">CVE-2023-41834</a> + </td> + <td> + Flink Stateful Functions 3.1.0, 3.1.1, 3.2.0 + </td> + <td> + <a href="https://github.com/apache/flink-statefun/commit/b06c0a23a5a622d48efc8395699b2e4502bd92be">Fixed in commit b06c0a23a5a622d48efc8395699b2e4502bd92be</a> <br> + Users are advised to upgrade to Flink Stateful Functions 3.3.0 or later versions. + </td> + </tr> </table> <h2 id="frequently-asked-questions"> Frequently Asked Questions diff --git a/content/zh/security/index.html b/content/zh/security/index.html index 1f08f5d6b..50c3ee664 100644 --- a/content/zh/security/index.html +++ b/content/zh/security/index.html @@ -984,6 +984,18 @@ under the License. Users are advised to upgrade to Flink 1.11.3 or 1.12.0 or later versions. </td> </tr> + <tr> + <td> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41834">CVE-2023-41834</a> + </td> + <td> + Flink Stateful Functions 3.1.0, 3.1.1, 3.2.0 + </td> + <td> + <a href="https://github.com/apache/flink-statefun/commit/b06c0a23a5a622d48efc8395699b2e4502bd92be">Fixed in commit b06c0a23a5a622d48efc8395699b2e4502bd92be</a> <br> + Users are advised to upgrade to Flink Stateful Functions 3.3.0 or later versions. + </td> + </tr> </table> <h2 id="frequently-asked-questions"> Frequently Asked Questions
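Review bot: In the table-of-contents hunks of the release announcement (`@@ -890,6 +890,7 @@` and its repeat at `@@ -1005,6 +1019,7 @@`), the entry `Fixed CVE-2023-41834` is nested under `#new-features`, so a security fix is presented as a feature, next to the dependency upgrade. Readers scanning release notes for security-relevant changes are likely to miss it there. Consider giving it its own top-level section (for example a "Security fixes" heading) in the source of this page, and then regenerating both copies of the TOC.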
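Review bot: In the announcement body hunk (`@@ -942,6 +943,19 @@`), the new paragraph under `<h3 id="fixed-cve-2023-41834">` describes what an attacker could do with the injected response content but does not say which Stateful Functions component builds the affected HTTP header or where the unneutralized CRLF input comes from. A user on 3.1.0, 3.1.1 or 3.2.0 cannot tell from this text whether their deployment is exposed. Consider adding one sentence naming the affected component and linking the fix commit b06c0a23a5a622d48efc8395699b2e4502bd92be here as well, since the paragraph currently links only to `/security/`.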
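Review bot: In the `content/security/index.html` hunk (`@@ -984,6 +984,18 @@`), the new `<tr>` gives only the CVE link, the affected versions and the fix commit, while the announcement in this same commit tells readers that "More details can be found on the Security page". As written, the Security page carries less detail than the announcement: the row never mentions that the issue is HTTP header injection through CRLF sequences. Consider adding a short description of the issue class to the third `<td>` so the row stands on its own. The same applies to the identical row added in `content/zh/security/index.html`.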