You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Robert Metzger (Jira)" <ji...@apache.org> on 2020/10/26 15:19:00 UTC

[jira] [Closed] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200

     [ https://issues.apache.org/jira/browse/FLINK-19784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Metzger closed FLINK-19784.
----------------------------------
    Fix Version/s:     (was: 1.11.3)
                       (was: 1.12.0)
       Resolution: Won't Fix

> Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200
> -------------------------------------------------------
>
>                 Key: FLINK-19784
>                 URL: https://issues.apache.org/jira/browse/FLINK-19784
>             Project: Flink
>          Issue Type: Task
>          Components: Runtime / Metrics
>    Affects Versions: 1.12.0, 1.11.2
>            Reporter: Till Rohrmann
>            Assignee: Robert Metzger
>            Priority: Critical
>
> A user reported a dependency vulnerability which affects {{okhttp}} [1]. We should upgrade this dependency to {{3.13.0}} or newer. The dependency is used by the datadog reporter.
> [1] https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a%40%3Cuser.flink.apache.org%3E



--
This message was sent by Atlassian Jira
(v8.3.4#803005)