[ https://issues.apache.org/jira/browse/FLINK-23542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17825712#comment-17825712 ]
Ryan Skraba commented on FLINK-23542: ------------------------------------- This has become slightly more important : the last version of the CheckStyle-IDEA plugin we use in IntelliJ dropped support for 8.x in March 2024 [https://github.com/jshiell/checkstyle-idea/releases/tag/5.88.0] New Flink developers or existing developers keeping their IDE and plugins up to date won't be able to use the existing checkstyle configuration. > Upgrade Checkstyle to at least 8.29 > ----------------------------------- > > Key: FLINK-23542 > URL: https://issues.apache.org/jira/browse/FLINK-23542 > Project: Flink > Issue Type: Technical Debt > Components: Build System > Reporter: Martijn Visser > Priority: Not a Priority > Labels: auto-deprioritized-minor, pull-request-available > > Checkstyle version < 8.29 are still vulnerable to XML External Entity (XXE) > Processing due to an incomplete fix for CVE-2019-9658. > {noformat} > Impact > User: Build Maintainers > This vulnerability probably doesn't impact Maven/Gradle users as, in most > cases, these builds are processing files that are trusted, or pre-vetted by a > pull request reviewer before being run on internal CI infrastructure. > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)