Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2021/01/25 12:51:50 UTC

[GitHub] [flink] rmetzger commented on pull request #14749: [FLINK-21123][fs] Bump beanutils to 1.9.4

rmetzger commented on pull request #14749:
URL: https://github.com/apache/flink/pull/14749#issuecomment-766794435


   Thanks for opening this PR. It seems that the K8s e2e is not passing anymore due to this change.
   
   Also, I'm not sure what's more valuable: shipping a "vulnerability free" but maybe broken flink-fs-swift-hadoop implementation vs a vulnerable but maybe broken flink-fs-swift-hadoop impl. From a project perspective, we are having more trouble releasing a fat jar containing a vulnerable dependency than a potentially broken one.
   If this dependency bump would break the connector, we would at least learn that there's a user (and affected users could still use the 1.12 release of the connector impl while we fix it).

