[jira] [Created] (FLINK-24025) The components on which Flink depends may contain vulnerabilities. If yes, fix them.

mixedfruit (Jira) Fri, 27 Aug 2021 03:16:21 -0700

mixedfruit created FLINK-24025:
----------------------------------

             Summary: The components on which Flink depends may contain 
vulnerabilities. If yes, fix them.
                 Key: FLINK-24025
                 URL: https://issues.apache.org/jira/browse/FLINK-24025
             Project: Flink
          Issue Type: Improvement
          Components: Build System
    Affects Versions: 1.11.3
            Reporter: mixedfruit



In Flink v1.11.3 contains netty(version:3.10.6) commons-compress(version:1.20) 
slf4j(version:1.7.15) cxf-rt-rs-json-basic(version:3.4.0) and 
bzip2(version:1.0.6). There are many vulnerabilities, like 
CVE-2020-13954,CVE-2021-22696,CVE-2021-30468,CVE-2018-8088, 
CVE-2021-21409,CVE-2021-35517 etc. please confirm these version and fix. thx



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (FLINK-24025) The components on which Flink depends may contain vulnerabilities. If yes, fix them.

Reply via email to