You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Fabian Hueske (JIRA)" <ji...@apache.org> on 2018/07/31 13:22:00 UTC
[jira] [Created] (FLINK-10007) Security vulnerability in website
build infrastructure
Fabian Hueske created FLINK-10007:
-------------------------------------
Summary: Security vulnerability in website build infrastructure
Key: FLINK-10007
URL: https://issues.apache.org/jira/browse/FLINK-10007
Project: Flink
Issue Type: Bug
Components: Project Website
Reporter: Fabian Hueske
We've got a notification from Apache INFRA about a potential security vulnerability:
{quote}
We found a potential security vulnerability in a repository for which you have been granted security alert access.
@apache apache/flink-web
Known high severity security vulnerability detected in yajl-ruby < 1.3.1 defined in Gemfile.
Gemfile update suggested: yajl-ruby ~> 1.3.1.
{quote}
This is a problem with the build environment of the website, i.e., this dependency is not distributed or executed with Flink but only run when the website is updated.
Nonetheless, we should of course update the dependency.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)