nagasudhakar created FLINK-29654:
------------------------------------
Summary: Vulnerable libraries - Flink 1.15.2
Key: FLINK-29654
URL: https://issues.apache.org/jira/browse/FLINK-29654
Project: Flink
Issue Type: Bug
Components: Build System
Affects Versions: 1.15.2
Reporter: nagasudhakar
Hi, our organisation ran a security scan on Flink-1.15.2 release and found the
following vulnerable open source libraries being used -
JDOM1.1
kryo2.24.0
libnetty-3.9-java3.9.0.Final
Netty Project3.10.6.Final
Play2.6.11
Apache Tika1.28.1
Apache Avro1.7.7
Apache Kafka2.8.1
The recommended versions for these libraries are -
JDOM2.0.2
kryo-5.5.0
libnetty-3.9-java3.9.9.Final
Netty Project 5.0.0.Final
Play2.8.16
Apache Tika2.4.1
Apache Avro1.8.2
Apache Kafka2.8.2
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
