You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flink.apache.org by "Adam Roberts (Jira)" <ji...@apache.org> on 2021/03/08 15:41:00 UTC

[jira] [Created] (FLINK-21670) Bump log4j version to 2.8.2

Adam Roberts created FLINK-21670:
------------------------------------

             Summary: Bump log4j version to 2.8.2
                 Key: FLINK-21670
                 URL: https://issues.apache.org/jira/browse/FLINK-21670
             Project: Flink
          Issue Type: Bug
            Reporter: Adam Roberts


Hey everyone, another Twistlock scan done and, in the same manner as https://issues.apache.org/jira/browse/STORM-2528, it appears the Flink Python jar's impacted

 

Apparently we're using version 2.6.2 and bumping to 2.8.2 should be sufficient to remediate at least this potential problem [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5645]

 

I've done this scan against both 1.13 and 1.12.2, so ideally should be fixed in both if possible please. Cheers!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)