You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/10/20 20:32:00 UTC

[jira] [Updated] (FLINK-29710) Upgrade the minimal supported hadoop version to 2.10.2

     [ https://issues.apache.org/jira/browse/FLINK-29710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated FLINK-29710:
-----------------------------------
    Labels: pull-request-available  (was: )

> Upgrade the minimal supported hadoop version to 2.10.2
> ------------------------------------------------------
>
>                 Key: FLINK-29710
>                 URL: https://issues.apache.org/jira/browse/FLINK-29710
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: FileSystems
>            Reporter: Martijn Visser
>            Assignee: Martijn Visser
>            Priority: Major
>              Labels: pull-request-available
>
> Hadoop 2.8.5 is vulnerable for multiple CVEs such as https://nvd.nist.gov/vuln/detail/CVE-2022-25168 and https://nvd.nist.gov/vuln/detail/CVE-2022-26612 which are classified as Critical. While Flink is not directly impacted by those, we do see vulnerability scanners flag Flink as being vulnerable. We could easily mitigate that by bumping the minimal supported version of Hadoop to 2.10.2.
> Please note that this doesn't break the binary protocol compatibility, which means that 2.10.2 client can still talk to older servers.
> Discussion thread: https://lists.apache.org/thread/tgw2dmnoxm7sdwyjohskmvpk3pdd3qvm



--
This message was sent by Atlassian Jira
(v8.20.10#820010)