[ https://issues.apache.org/jira/browse/FLINK-35040?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17836004#comment-17836004 ]
Shilun Fan commented on FLINK-35040: ------------------------------------ [~fanrui] I received your message, and I apologize for any inconvenience caused. The reason for upgrading commons-compress to version 1.26.0 is indeed due to the known CVE issues in commons-compress 1.24.0. We can refer to the following link: [https://mvnrepository.com/artifact/org.apache.commons/commons-compress/1.24.0] Direct vulnerabilities: CVE-2024-26308 CVE-2024-25710 Addressing the CVE issue is indeed necessary to prevent vulnerabilities in our system. I suggest we consider upgrading to version 1.26.1 to address this problem. Reverting to 1.24.0 might only serve as a temporary solution. > The performance of serializerHeavyString regresses since April 3 > ---------------------------------------------------------------- > > Key: FLINK-35040 > URL: https://issues.apache.org/jira/browse/FLINK-35040 > Project: Flink > Issue Type: Bug > Components: Benchmarks > Affects Versions: 1.20.0 > Reporter: Rui Fan > Assignee: Rui Fan > Priority: Blocker > Attachments: image-2024-04-08-10-51-07-403.png, > image-2024-04-11-12-53-53-353.png, screenshot-1.png > > > The performance of serializerHeavyString regresses since April 3, and had not > yet recovered on April 8th. > It seems Java 11 regresses, and Java 8 and Java 17 are fine. > http://flink-speed.xyz/timeline/#/?exe=1,6,12&ben=serializerHeavyString&extr=on&quarts=on&equid=off&env=3&revs=200 > !screenshot-1.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)