subject:"\[jira\] \[Commented\] \(FLINK\-35282\) PyFlink Support for Apache Beam

[jira] [Commented] (FLINK-35282) PyFlink Support for Apache Beam > 2.49

2024-06-04 Thread Hong Liang Teoh (Jira)



[ 
https://issues.apache.org/jira/browse/FLINK-35282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17852074#comment-17852074
 ] 

Hong Liang Teoh commented on FLINK-35282:
-

Yes. Reopned JIRA

> PyFlink Support for Apache Beam > 2.49
> --
>
> Key: FLINK-35282
> URL: https://issues.apache.org/jira/browse/FLINK-35282
> Project: Flink
>  Issue Type: Improvement
>  Components: API / Python
>Affects Versions: 1.19.0, 1.18.1
>Reporter: APA
>Assignee: Antonio Vespoli
>Priority: Major
>  Labels: pull-request-available
> Fix For: 1.20.0
>
>
> From what I see PyFlink still has the requirement of Apache Beam => 2.43.0 
> and <= 2.49.0 which subsequently results in a requirement of PyArrow <= 
> 12.0.0. That keeps us exposed to 
> [https://nvd.nist.gov/vuln/detail/CVE-2023-47248]
> I'm not deep enough familiar with the PyFlink code base to understand why 
> Apache Beam's upper dependency limit can't be lifted. From all the existing 
> issues I haven't seen one addressing this. Therefore I created one now. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-35282) PyFlink Support for Apache Beam > 2.49

2024-06-04 Thread Hong Liang Teoh (Jira)



[ 
https://issues.apache.org/jira/browse/FLINK-35282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17851954#comment-17851954
 ] 

Hong Liang Teoh commented on FLINK-35282:
-

 merged commit 
[{{91a9e06}}|https://github.com/apache/flink/commit/91a9e06d3cb611e048274088e56b2c110cd29926]
 into   apache:master

> PyFlink Support for Apache Beam > 2.49
> --
>
> Key: FLINK-35282
> URL: https://issues.apache.org/jira/browse/FLINK-35282
> Project: Flink
>  Issue Type: Improvement
>  Components: API / Python
>Affects Versions: 1.19.0, 1.18.1
>Reporter: APA
>Priority: Major
>  Labels: pull-request-available
> Fix For: 1.20.0
>
>
> From what I see PyFlink still has the requirement of Apache Beam => 2.43.0 
> and <= 2.49.0 which subsequently results in a requirement of PyArrow <= 
> 12.0.0. That keeps us exposed to 
> [https://nvd.nist.gov/vuln/detail/CVE-2023-47248]
> I'm not deep enough familiar with the PyFlink code base to understand why 
> Apache Beam's upper dependency limit can't be lifted. From all the existing 
> issues I haven't seen one addressing this. Therefore I created one now. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-35282) PyFlink Support for Apache Beam > 2.49

[jira] [Commented] (FLINK-35282) PyFlink Support for Apache Beam > 2.49

2 matches

Site Navigation

Mail list logo

Footer information