You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Flink Jira Bot (Jira)" <ji...@apache.org> on 2022/03/01 10:39:00 UTC

[jira] [Updated] (FLINK-23542) Upgrade Checkstyle to at least 8.29

     [ https://issues.apache.org/jira/browse/FLINK-23542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Flink Jira Bot updated FLINK-23542:
-----------------------------------
      Labels: auto-deprioritized-minor pull-request-available  (was: pull-request-available stale-minor)
    Priority: Not a Priority  (was: Minor)

This issue was labeled "stale-minor" 7 days ago and has not received any updates so it is being deprioritized. If this ticket is actually Minor, please raise the priority and ask a committer to assign you the issue or revive the public discussion.


> Upgrade Checkstyle to at least 8.29
> -----------------------------------
>
>                 Key: FLINK-23542
>                 URL: https://issues.apache.org/jira/browse/FLINK-23542
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: Build System
>            Reporter: Martijn Visser
>            Priority: Not a Priority
>              Labels: auto-deprioritized-minor, pull-request-available
>
> Checkstyle version < 8.29 are still vulnerable to XML External Entity (XXE) Processing due to an incomplete fix for CVE-2019-9658.
> {noformat}
> Impact
> User: Build Maintainers
> This vulnerability probably doesn't impact Maven/Gradle users as, in most cases, these builds are processing files that are trusted, or pre-vetted by a pull request reviewer before being run on internal CI infrastructure.
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)