You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Fabian Hueske (JIRA)" <ji...@apache.org> on 2018/07/31 13:22:00 UTC

[jira] [Created] (FLINK-10007) Security vulnerability in website build infrastructure

Fabian Hueske created FLINK-10007:
-------------------------------------

             Summary: Security vulnerability in website build infrastructure
                 Key: FLINK-10007
                 URL: https://issues.apache.org/jira/browse/FLINK-10007
             Project: Flink
          Issue Type: Bug
          Components: Project Website
            Reporter: Fabian Hueske


We've got a notification from Apache INFRA about a potential security vulnerability:

{quote}
We found a potential security vulnerability in a repository for which you have been granted security alert access.
@apache 	apache/flink-web
Known high severity security vulnerability detected in yajl-ruby < 1.3.1 defined in Gemfile.
Gemfile update suggested: yajl-ruby ~> 1.3.1. 
{quote}

This is a problem with the build environment of the website, i.e., this dependency is not distributed or executed with Flink but only run when the website is updated.

Nonetheless, we should of course update the dependency.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)