[ https://issues.apache.org/jira/browse/FLINK-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16353880#comment-16353880 ]
ASF GitHub Bot commented on FLINK-8308: --------------------------------------- Github user uce commented on the issue: https://github.com/apache/flink/pull/5395 I've built this locally and everything looks good to me (linebreaks and code highlighting). I will merge this to `master`, but keep this PR open for a while. If everything works in the `buildbot` environment I will also merge it to 1.4. Then we can close this PR. :-) > Update yajl-ruby dependency to 1.3.1 or higher > ---------------------------------------------- > > Key: FLINK-8308 > URL: https://issues.apache.org/jira/browse/FLINK-8308 > Project: Flink > Issue Type: Task > Components: Project Website > Reporter: Fabian Hueske > Assignee: Steven Langbroek > Priority: Critical > Fix For: 1.5.0, 1.4.1 > > > We got notified that yajl-ruby < 1.3.1, a dependency which is used to build > the Flink website, has a security vulnerability of high severity. > We should update yajl-ruby to 1.3.1 or higher. > Since the website is built offline and served as static HTML, I don't think > this is a super critical issue (please correct me if I'm wrong), but we > should resolve this soon. -- This message was sent by Atlassian JIRA (v7.6.3#76005)