Martijn Visser created FLINK-23542: -------------------------------------- Summary: Upgrade Checkstyle to at least 8.29 Key: FLINK-23542 URL: https://issues.apache.org/jira/browse/FLINK-23542 Project: Flink Issue Type: Technical Debt Components: Build System Reporter: Martijn Visser
Checkstyle version < 8.29 are still vulnerable to XML External Entity (XXE) Processing due to an incomplete fix for CVE-2019-9658. This vulnerability probably doesn't impact Flink as, in most cases, these builds are processing files that are trusted, or pre-vetted by a pull request reviewer before being run on internal CI infrastructure. -- This message was sent by Atlassian Jira (v8.3.4#803005)