[jira] [Updated] (FLINK-33408) Bump the snakeyaml from 1.33 to 2.0 to fix the container vulnerability.

Zhou Shijie (Jira) Wed, 01 Nov 2023 18:15:04 -0700


     [ 
https://issues.apache.org/jira/browse/FLINK-33408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Zhou Shijie updated FLINK-33408:
--------------------------------
    Summary: Bump the snakeyaml from 1.33 to 2.0 to fix the container 
vulnerability.  (was: Bump the snakeyaml from 1.33 to 1.20 to fix the container 
vulnerability.)

> Bump the snakeyaml from 1.33 to 2.0 to fix the container vulnerability.
> -----------------------------------------------------------------------
>
>                 Key: FLINK-33408
>                 URL: https://issues.apache.org/jira/browse/FLINK-33408
>             Project: Flink
>          Issue Type: Improvement
>          Components: Deployment / Kubernetes
>    Affects Versions: 1.18.0
>            Reporter: Zhou Shijie
>            Priority: Major
>              Labels: pull-request-available
>
> Fix the container vulnerability in 
> [CVE-2022-1471|https://github.com/advisories/GHSA-mjmj-j48q-9wg2] by upgrade 
> the SnakeYaml dependency version in flink-kubernetes module.
> Upgrade the Kubernetes Client from 6.6.2 to 6.7.0, thereby upgrading the 
> version of snakeyaml, which the Kubernetes Client indirectly depends on, from 
> 1.33 to 2.0.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (FLINK-33408) Bump the snakeyaml from 1.33 to 2.0 to fix the container vulnerability.

Reply via email to