[ https://issues.apache.org/jira/browse/FLINK-33408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17781797#comment-17781797 ]
Zhou Shijie edited comment on FLINK-33408 at 11/1/23 3:44 PM: -------------------------------------------------------------- [~martijnvisser], [~chesnay], [~snuyanzin], [~mbalassi], [~gyfora], [~highfei2...@126.com], could you please review the PR in this issue, many thanks. was (Author: JIRAUSER302861): [~martijnvisser], [~mbalassi], [~gyfora], [~highfei2...@126.com], could you please review the PR in this issue, many thanks. > Fixing the container vulnerability by upgrade the SnakeYaml Maven dependency > in flink-kubernetes module. > -------------------------------------------------------------------------------------------------------- > > Key: FLINK-33408 > URL: https://issues.apache.org/jira/browse/FLINK-33408 > Project: Flink > Issue Type: Improvement > Components: Deployment / Kubernetes > Affects Versions: 1.18.0 > Reporter: Zhou Shijie > Priority: Major > Labels: pull-request-available > > Fix the container vulnerability in > [CVE-2022-1471|https://github.com/advisories/GHSA-mjmj-j48q-9wg2] by upgrade > the SnakeYaml dependency version in flink-kubernetes module. > Upgrade the Kubernetes Client from 6.6.2 to 6.7.0, thereby upgrading the > version of snakeyaml, which the Kubernetes Client indirectly depends on, from > 1.33 to 2.0. -- This message was sent by Atlassian Jira (v8.20.10#820010)