You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flink.apache.org by "mixedfruit (Jira)" <ji...@apache.org> on 2021/08/27 10:16:00 UTC

[jira] [Created] (FLINK-24025) The components on which Flink depends may contain vulnerabilities. If yes, fix them.

mixedfruit created FLINK-24025:
----------------------------------

             Summary: The components on which Flink depends may contain vulnerabilities. If yes, fix them.
                 Key: FLINK-24025
                 URL: https://issues.apache.org/jira/browse/FLINK-24025
             Project: Flink
          Issue Type: Improvement
          Components: Build System
    Affects Versions: 1.11.3
            Reporter: mixedfruit


In Flink v1.11.3 contains netty(version:3.10.6) commons-compress(version:1.20) slf4j(version:1.7.15) cxf-rt-rs-json-basic(version:3.4.0) and bzip2(version:1.0.6). There are many vulnerabilities, like CVE-2020-13954,CVE-2021-22696,CVE-2021-30468,CVE-2018-8088, CVE-2021-21409,CVE-2021-35517 etc. please confirm these version and fix. thx



--
This message was sent by Atlassian Jira
(v8.3.4#803005)