You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Tzu-Li (Gordon) Tai (JIRA)" <ji...@apache.org> on 2018/02/10 13:25:04 UTC

[jira] [Updated] (FLINK-8308) Update yajl-ruby dependency to 1.3.1 or higher

     [ https://issues.apache.org/jira/browse/FLINK-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tzu-Li (Gordon) Tai updated FLINK-8308:
---------------------------------------
    Fix Version/s:     (was: 1.4.1)
                   1.4.2

> Update yajl-ruby dependency to 1.3.1 or higher
> ----------------------------------------------
>
>                 Key: FLINK-8308
>                 URL: https://issues.apache.org/jira/browse/FLINK-8308
>             Project: Flink
>          Issue Type: Task
>          Components: Project Website
>            Reporter: Fabian Hueske
>            Assignee: Steven Langbroek
>            Priority: Critical
>             Fix For: 1.5.0, 1.4.2
>
>
> We got notified that yajl-ruby < 1.3.1, a dependency which is used to build the Flink website, has a  security vulnerability of high severity.
> We should update yajl-ruby to 1.3.1 or higher.
> Since the website is built offline and served as static HTML, I don't think this is a super critical issue (please correct me if I'm wrong), but we should resolve this soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)