[jira] [Closed] (FLINK-19929) Upgrade Kinesis dependencies to avoid protobuf 2.6.1

Martijn Visser (Jira) Thu, 29 Jul 2021 12:00:10 -0700


     [ 
https://issues.apache.org/jira/browse/FLINK-19929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martijn Visser closed FLINK-19929.
----------------------------------
    Resolution: Fixed

> Upgrade Kinesis dependencies to avoid protobuf 2.6.1
> ----------------------------------------------------
>
>                 Key: FLINK-19929
>                 URL: https://issues.apache.org/jira/browse/FLINK-19929
>             Project: Flink
>          Issue Type: Improvement
>          Components: Connectors / Kinesis
>            Reporter: Chesnay Schepler
>            Assignee: Martijn Visser
>            Priority: Minor
>              Labels: auto-deprioritized-major, pull-request-available
>             Fix For: 1.14.0
>
>
> Our current Kinesis dependencies (amazon-kinesis-client, 
> amazon-kinesis-producer) depend on protobuf 2.6.1, which are affected by 
> [CVE-2015-5237|https://nvd.nist.gov/vuln/detail/CVE-2015-5237].
> We should look into upgrade the client to 1.14.0, and the producer to 0.14.1 .



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Closed] (FLINK-19929) Upgrade Kinesis dependencies to avoid protobuf 2.6.1

Reply via email to