[
https://issues.apache.org/jira/browse/FLINK-34955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834682#comment-17834682
]
Shilun Fan edited comment on FLINK-34955 at 4/7/24 2:17 PM:
------------------------------------------------------------
[~gongzhongqiang] Of course, if upgrading is possible, it would be a positive
step forward. I think we should give it a try. I see that you have created the
relevant JIRA ticket, so you can go ahead and attempt it. Hopefully, it will be
successful. (However, my preference would be to stick with version 1.26 for
now, and consider upgrading to 1.26.1 in the future. If other components of
Flink need upgrading, I think it would be best to upgrade them to version 1.26
as well. Removing dependencies, in my opinion, is not a good option.)
was (Author: slfan1989):
[~gongzhongqiang] Of course, if upgrading is possible, it would be a positive
step forward. I think we should give it a try. I see that you have created the
relevant JIRA ticket, so you can go ahead and attempt it. Hopefully, it will be
successful.
> Upgrade commons-compress to 1.26.0
> ----------------------------------
>
> Key: FLINK-34955
> URL: https://issues.apache.org/jira/browse/FLINK-34955
> Project: Flink
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.18.2, 1.20.0, 1.19.1
>
>
> commons-compress 1.24.0 has CVE issues, try to upgrade to 1.26.0, we can
> refer to the maven link
> https://mvnrepository.com/artifact/org.apache.commons/commons-compress
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
