mixedfruit created FLINK-24025: ---------------------------------- Summary: The components on which Flink depends may contain vulnerabilities. If yes, fix them. Key: FLINK-24025 URL: https://issues.apache.org/jira/browse/FLINK-24025 Project: Flink Issue Type: Improvement Components: Build System Affects Versions: 1.11.3 Reporter: mixedfruit
In Flink v1.11.3 contains netty(version:3.10.6) commons-compress(version:1.20) slf4j(version:1.7.15) cxf-rt-rs-json-basic(version:3.4.0) and bzip2(version:1.0.6). There are many vulnerabilities, like CVE-2020-13954,CVE-2021-22696,CVE-2021-30468,CVE-2018-8088, CVE-2021-21409,CVE-2021-35517 etc. please confirm these version and fix. thx -- This message was sent by Atlassian Jira (v8.3.4#803005)