[ https://issues.apache.org/jira/browse/FLINK-35282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Nuyanzin reopened FLINK-35282: ------------------------------------- I noticed that it was reverted by [~hong] at [caa68c2481f7c483d0364206d36654af26f2074f|https://github.com/apache/flink/commit/caa68c2481f7c483d0364206d36654af26f2074f] for that reason it would make sense to reopen the issue as well BTW I have a fix for license check issue at https://github.com/snuyanzin/flink/commit/5a4f4d0eb785050552c73fbfc74214f85ee278b0 We could try is once build becomes more stable > PyFlink Support for Apache Beam > 2.49 > -------------------------------------- > > Key: FLINK-35282 > URL: https://issues.apache.org/jira/browse/FLINK-35282 > Project: Flink > Issue Type: Improvement > Components: API / Python > Affects Versions: 1.19.0, 1.18.1 > Reporter: APA > Assignee: Antonio Vespoli > Priority: Major > Labels: pull-request-available > Fix For: 1.20.0 > > > From what I see PyFlink still has the requirement of Apache Beam => 2.43.0 > and <= 2.49.0 which subsequently results in a requirement of PyArrow <= > 12.0.0. That keeps us exposed to > [https://nvd.nist.gov/vuln/detail/CVE-2023-47248] > I'm not deep enough familiar with the PyFlink code base to understand why > Apache Beam's upper dependency limit can't be lifted. From all the existing > issues I haven't seen one addressing this. Therefore I created one now. -- This message was sent by Atlassian Jira (v8.20.10#820010)