[ https://issues.apache.org/jira/browse/FLINK-34955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834682#comment-17834682 ]

Shilun Fan edited comment on FLINK-34955 at 4/7/24 2:17 PM:
------------------------------------------------------------

[~gongzhongqiang] Of course, if upgrading is possible, it would be a positive step forward. I think we should give it a try. I see that you have created the relevant JIRA ticket, so you can go ahead and attempt it. Hopefully, it will be successful.

(However, my preference would be to stick with version 1.26 for now, and consider upgrading to 1.26.1 in the future. If other components of Flink need upgrading, I think it would be best to upgrade them to version 1.26 as well. Removing dependencies, in my opinion, is not a good option.)


was (Author: slfan1989):
[~gongzhongqiang] Of course, if upgrading is possible, it would be a positive step forward. I think we should give it a try. I see that you have created the relevant JIRA ticket, so you can go ahead and attempt it. Hopefully, it will be successful.

> Upgrade commons-compress to 1.26.0
> ----------------------------------
>
> Key: FLINK-34955
> URL: https://issues.apache.org/jira/browse/FLINK-34955
> Project: Flink
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.18.2, 1.20.0, 1.19.1
>
>
> commons-compress 1.24.0 has CVE issues, try to upgrade to 1.26.0, we can
> refer to the maven link
> https://mvnrepository.com/artifact/org.apache.commons/commons-compress

--
This message was sent by Atlassian Jira
(v8.20.10#820010)