Posted to issues@flink.apache.org by "nagasudhakar (Jira)" <ji...@apache.org> on 2022/10/17 05:30:00 UTC

[jira] [Created] (FLINK-29654) Vulnerable libraries - Flink 1.15.2

nagasudhakar created FLINK-29654:
------------------------------------

             Summary: Vulnerable libraries - Flink 1.15.2
                 Key: FLINK-29654
                 URL: https://issues.apache.org/jira/browse/FLINK-29654
             Project: Flink
          Issue Type: Bug
          Components: Build System
    Affects Versions: 1.15.2
            Reporter: nagasudhakar


Hi, our organisation ran a security scan on the Flink-1.15.2 release and found the following vulnerable open source libraries being used -
JDOM 1.1
kryo 2.24.0
libnetty-3.9-java 3.9.0.Final
Netty Project 3.10.6.Final
Play 2.6.11
Apache Tika 1.28.1
Apache Avro 1.7.7
Apache Kafka 2.8.1
The recommended versions for these libraries are -
JDOM 2.0.2
kryo-5.5.0
libnetty-3.9-java 3.9.9.Final
Netty Project 5.0.0.Final
Play 2.8.16
Apache Tika 2.4.1
Apache Avro 1.8.2
Apache Kafka 2.8.2



--
This message was sent by Atlassian Jira
(v8.20.10#820010)