[
https://issues.apache.org/jira/browse/FLINK-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16346599#comment-16346599
]
Steven Langbroek commented on FLINK-8308:
-----------------------------------------
As far as I can tell current {{jekyll}} version (2.5.3) has a hard dependency
on pygments, which depends on {{yajl-ruby}} 1.2.2. There is no higher version
in the major 2 range of {{jekyll}}, so the only way to fix this is by upgrading
to jekyll 3. What this means:
* We can't support Ruby 1.9 anymore, as stated in the {{Gemfile}}. So we could
get rid of the ruby 1 / ruby 2 split in the docs folder.
* We're going up a major version, and there are breaking API changes. This
will be a bit of work.
Agree? [~uce] [~fhueske]
> Update yajl-ruby dependency to 1.3.1 or higher
> ----------------------------------------------
>
> Key: FLINK-8308
> URL: https://issues.apache.org/jira/browse/FLINK-8308
> Project: Flink
> Issue Type: Task
> Components: Project Website
> Reporter: Fabian Hueske
> Assignee: Steven Langbroek
> Priority: Critical
> Fix For: 1.5.0, 1.4.1
>
>
> We got notified that yajl-ruby < 1.3.1, a dependency which is used to build
> the Flink website, has a security vulnerability of high severity.
> We should update yajl-ruby to 1.3.1 or higher.
> Since the website is built offline and served as static HTML, I don't think
> this is a super critical issue (please correct me if I'm wrong), but we
> should resolve this soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
