[jira] [Updated] (FLINK-39727) flink-kubernetes-operator: Bump fabric8 and operator-sdk to retire transitive CVEs

ASF GitHub Bot (Jira) Thu, 21 May 2026 10:15:08 -0700


     [ 
https://issues.apache.org/jira/browse/FLINK-39727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated FLINK-39727:
-----------------------------------
    Labels: pull-request-available  (was: )

> flink-kubernetes-operator: Bump fabric8 and operator-sdk to retire transitive 
> CVEs
> ----------------------------------------------------------------------------------
>
>                 Key: FLINK-39727
>                 URL: https://issues.apache.org/jira/browse/FLINK-39727
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: Kubernetes Operator
>            Reporter: Purushottam Sinha
>            Priority: Minor
>              Labels: pull-request-available
>
> Problem
> io.fabric8:kubernetes-client 7.3.1 and io.javaoperatorsdk:operator-framework 
> 5.2.2 pull older Netty/Okio chains flagged by Trivy. Minor bumps within the 
> same major lines retire CVEs along those paths.
> Evidence
>   - pom.xml:78 operator.sdk.version 5.2.2
>   - pom.xml:81 fabric8.version 7.3.1
>   - Latest stable: fabric8 7.7.0 (2026-05-12), operator-sdk 5.3.4 (2026-05-19)
> Proposed fix
>   - pom.xml:81: fabric8.version 7.3.1 → 7.7.0
>   - pom.xml:78: operator.sdk.version 5.2.2 → 5.3.4
> Acceptance
>   - ./mvnw verify passes; CRD codegen output unchanged or reviewed



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (FLINK-39727) flink-kubernetes-operator: Bump fabric8 and operator-sdk to retire transitive CVEs

Reply via email to