[jira] [Created] (FLINK-21411) The components on which Flink depends may contain vulnerabilities. If yes, fix them.

dgbro (Jira) Thu, 18 Feb 2021 17:14:06 -0800

dgbro created FLINK-21411:
-----------------------------

             Summary: The components on which Flink depends may contain 
vulnerabilities. If yes, fix them.
                 Key: FLINK-21411
                 URL: https://issues.apache.org/jira/browse/FLINK-21411
             Project: Flink
          Issue Type: Improvement
            Reporter: dgbro



In Flink v1.11.3 contains mesos(version: 1.0.1) okhttp(version: 3.7.0) 
log4j(version:2.12.1) netty(version:3.10.6) jackson-databind(2.10.1) 
jackson(version:2.10.1) and bzip2(version:1.0.6). There are many 
vulnerabilities, like 
CVE-2017-7687,CVE-2017-9790,CVE-2018-8023,CVE-2018-20200,CVE-2020-9488,CVE-2019-20444,CVE-2019-20445,CVE-2019-16869,CVE-2020-25649,CVE-2020-25649,CVE-2019-12900,CVE-2016-3189
 etc. please confirm these version and fix. thx



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (FLINK-21411) The components on which Flink depends may contain vulnerabilities. If yes, fix them.

Reply via email to