[ https://issues.apache.org/jira/browse/FLINK-35040?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17836004#comment-17836004 ]

Shilun Fan commented on FLINK-35040:
------------------------------------

[~fanrui] I received your message, and I apologize for any inconvenience 
caused. The reason for upgrading commons-compress to version 1.26.0 is indeed 
due to the known CVE issues in commons-compress 1.24.0.

We can refer to the following link: 
[https://mvnrepository.com/artifact/org.apache.commons/commons-compress/1.24.0]

Direct vulnerabilities: CVE-2024-26308 CVE-2024-25710

Addressing the CVE issue is indeed necessary to prevent vulnerabilities in our 
system. I suggest we consider upgrading to version 1.26.1 to address this 
problem. Reverting to 1.24.0 might only serve as a temporary solution.

> The performance of serializerHeavyString regresses since April 3
> ----------------------------------------------------------------
>
>                 Key: FLINK-35040
>                 URL: https://issues.apache.org/jira/browse/FLINK-35040
>             Project: Flink
>          Issue Type: Bug
>          Components: Benchmarks
>    Affects Versions: 1.20.0
>            Reporter: Rui Fan
>            Assignee: Rui Fan
>            Priority: Blocker
>         Attachments: image-2024-04-08-10-51-07-403.png, 
> image-2024-04-11-12-53-53-353.png, screenshot-1.png
>
>
> The performance of serializerHeavyString regresses since April 3, and had not 
> yet recovered on April 8th.
> It seems Java 11 regresses, and Java 8 and Java 17 are fine.
> http://flink-speed.xyz/timeline/#/?exe=1,6,12&ben=serializerHeavyString&extr=on&quarts=on&equid=off&env=3&revs=200
>  !screenshot-1.png! 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
