Sanjay Nathani created FLINK-29341:
--------------------------------------
Summary: Upgrade Apache Kafka version to 7.1.1-ccs to resolve CVE-2021-38153
Key: FLINK-29341
URL: https://issues.apache.org/jira/browse/FLINK-29341
Project: Flink
Issue Type: Bug
Reporter: Sanjay Nathani
Fix For: 1.13.6
The flink-connector-kafka module has Kafka as a dependency, introduced here:
[https://github.com/apache/flink/blob/release-1.13.6/flink-connectors/flink-connector-kafka/pom.xml].
The version of Kafka is 2.4.1, which is vulnerable to CVE-2021-38153. In
order to remove this CVE, the Kafka version should be upgraded to 2.6.3, as said here:
https://lists.apache.org/thread/7vrvjt7tm7m46txds3kt6bywd8vp5px0