Purushottam Sinha created FLINK-39727:
-----------------------------------------
Summary: flink-kubernetes-operator: Bump fabric8 and operator-sdk to retire transitive CVEs
Key: FLINK-39727
URL: https://issues.apache.org/jira/browse/FLINK-39727
Project: Flink
Issue Type: Technical Debt
Components: Kubernetes Operator
Reporter: Purushottam Sinha

Problem
io.fabric8:kubernetes-client 7.3.1 and io.javaoperatorsdk:operator-framework
5.2.2 pull older Netty/Okio chains flagged by Trivy. Minor bumps within the
same major lines retire CVEs along those paths.

Evidence
- pom.xml:78 operator.sdk.version 5.2.2
- pom.xml:81 fabric8.version 7.3.1
- Latest stable: fabric8 7.7.0 (2026-05-12), operator-sdk 5.3.4 (2026-05-19)

Proposed fix
- pom.xml:81: fabric8.version 7.3.1 → 7.7.0
- pom.xml:78: operator.sdk.version 5.2.2 → 5.3.4

Acceptance
- ./mvnw verify passes; CRD codegen output unchanged or reviewed