Martijn Visser created FLINK-23542:
--------------------------------------

             Summary: Upgrade Checkstyle to at least 8.29
                 Key: FLINK-23542
                 URL: https://issues.apache.org/jira/browse/FLINK-23542
             Project: Flink
          Issue Type: Technical Debt
          Components: Build System
            Reporter: Martijn Visser


Checkstyle version < 8.29 are still vulnerable to XML External Entity (XXE) 
Processing due to an incomplete fix for CVE-2019-9658.

This vulnerability probably doesn't impact Flink as, in most cases, these 
builds are processing files that are trusted, or pre-vetted by a pull request 
reviewer before being run on internal CI infrastructure.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to