You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flink.apache.org by "Adam Roberts (Jira)" <ji...@apache.org> on 2021/03/08 15:41:00 UTC
[jira] [Created] (FLINK-21670) Bump log4j version to 2.8.2
Adam Roberts created FLINK-21670:
------------------------------------
Summary: Bump log4j version to 2.8.2
Key: FLINK-21670
URL: https://issues.apache.org/jira/browse/FLINK-21670
Project: Flink
Issue Type: Bug
Reporter: Adam Roberts
Hey everyone, another Twistlock scan done and, in the same manner as https://issues.apache.org/jira/browse/STORM-2528, it appears the Flink Python jar's impacted
Apparently we're using version 2.6.2 and bumping to 2.8.2 should be sufficient to remediate at least this potential problem [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5645]
I've done this scan against both 1.13 and 1.12.2, so ideally should be fixed in both if possible please. Cheers!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)