You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Matthias (Jira)" <ji...@apache.org> on 2021/01/07 11:46:00 UTC

[jira] [Closed] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10

     [ https://issues.apache.org/jira/browse/FLINK-20875?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matthias closed FLINK-20875.
----------------------------
    Resolution: Won't Fix

Hi [~ana4],
thanks for bringing this up. Unfortunately, we're actually not supporting Flink 1.10 anymore. You are free to create a backport of fix [a5264a6f|https://github.com/apache/flink/commit/a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4] yourself if you're not able to upgrade to one of the supported versions {{1.11.3+}} or {{1.12.0+}}. 

I'm gonna close this issue for now as we would only create a dedicated {{1.10.3}} release containing the backport if there's a bigger desire by the Flink community.

> Could patch CVE-2020-17518 to version 1.10
> ------------------------------------------
>
>                 Key: FLINK-20875
>                 URL: https://issues.apache.org/jira/browse/FLINK-20875
>             Project: Flink
>          Issue Type: Bug
>          Components: Runtime / Web Frontend
>    Affects Versions: 1.10.2
>            Reporter: Wong Mulan
>            Priority: Major
>
> So many flink job of prod are running in version 1.10。



--
This message was sent by Atlassian Jira
(v8.3.4#803005)