[jira] [Commented] (FLINK-35282) PyFlink Support for Apache Beam > 2.49
[ https://issues.apache.org/jira/browse/FLINK-35282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17852074#comment-17852074 ] Hong Liang Teoh commented on FLINK-35282: - Yes. Reopned JIRA > PyFlink Support for Apache Beam > 2.49 > -- > > Key: FLINK-35282 > URL: https://issues.apache.org/jira/browse/FLINK-35282 > Project: Flink > Issue Type: Improvement > Components: API / Python >Affects Versions: 1.19.0, 1.18.1 >Reporter: APA >Assignee: Antonio Vespoli >Priority: Major > Labels: pull-request-available > Fix For: 1.20.0 > > > From what I see PyFlink still has the requirement of Apache Beam => 2.43.0 > and <= 2.49.0 which subsequently results in a requirement of PyArrow <= > 12.0.0. That keeps us exposed to > [https://nvd.nist.gov/vuln/detail/CVE-2023-47248] > I'm not deep enough familiar with the PyFlink code base to understand why > Apache Beam's upper dependency limit can't be lifted. From all the existing > issues I haven't seen one addressing this. Therefore I created one now. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (FLINK-35282) PyFlink Support for Apache Beam > 2.49
[ https://issues.apache.org/jira/browse/FLINK-35282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17851954#comment-17851954 ] Hong Liang Teoh commented on FLINK-35282: - merged commit [{{91a9e06}}|https://github.com/apache/flink/commit/91a9e06d3cb611e048274088e56b2c110cd29926] into apache:master > PyFlink Support for Apache Beam > 2.49 > -- > > Key: FLINK-35282 > URL: https://issues.apache.org/jira/browse/FLINK-35282 > Project: Flink > Issue Type: Improvement > Components: API / Python >Affects Versions: 1.19.0, 1.18.1 >Reporter: APA >Priority: Major > Labels: pull-request-available > Fix For: 1.20.0 > > > From what I see PyFlink still has the requirement of Apache Beam => 2.43.0 > and <= 2.49.0 which subsequently results in a requirement of PyArrow <= > 12.0.0. That keeps us exposed to > [https://nvd.nist.gov/vuln/detail/CVE-2023-47248] > I'm not deep enough familiar with the PyFlink code base to understand why > Apache Beam's upper dependency limit can't be lifted. From all the existing > issues I haven't seen one addressing this. Therefore I created one now. -- This message was sent by Atlassian Jira (v8.20.10#820010)