You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Matthias (Jira)" <ji...@apache.org> on 2021/01/07 11:46:00 UTC
[jira] [Closed] (FLINK-20875) Could patch CVE-2020-17518 to version
1.10
[ https://issues.apache.org/jira/browse/FLINK-20875?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthias closed FLINK-20875.
----------------------------
Resolution: Won't Fix
Hi [~ana4],
thanks for bringing this up. Unfortunately, we're actually not supporting Flink 1.10 anymore. You are free to create a backport of fix [a5264a6f|https://github.com/apache/flink/commit/a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4] yourself if you're not able to upgrade to one of the supported versions {{1.11.3+}} or {{1.12.0+}}.
I'm gonna close this issue for now as we would only create a dedicated {{1.10.3}} release containing the backport if there's a bigger desire by the Flink community.
> Could patch CVE-2020-17518 to version 1.10
> ------------------------------------------
>
> Key: FLINK-20875
> URL: https://issues.apache.org/jira/browse/FLINK-20875
> Project: Flink
> Issue Type: Bug
> Components: Runtime / Web Frontend
> Affects Versions: 1.10.2
> Reporter: Wong Mulan
> Priority: Major
>
> So many flink job of prod are running in version 1.10。
--
This message was sent by Atlassian Jira
(v8.3.4#803005)