You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Parag Somani (Jira)" <ji...@apache.org> on 2022/01/24 09:17:00 UTC

[jira] [Commented] (FLINK-24736) Non vulenerable jar files for Apache Flink 1.14.3

    [ https://issues.apache.org/jira/browse/FLINK-24736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17480938#comment-17480938 ] 

Parag Somani commented on FLINK-24736:
--------------------------------------

Updated ticket with vulnerabilities for latest version of flink 1.14.3. These are coming from Netty et.al. which are more vulnerable versions.

[~chesnay] can you assist with this ?

> Non vulenerable jar files for Apache Flink 1.14.3
> -------------------------------------------------
>
>                 Key: FLINK-24736
>                 URL: https://issues.apache.org/jira/browse/FLINK-24736
>             Project: Flink
>          Issue Type: Bug
>            Reporter: Parag Somani
>            Priority: Major
>
> Hello,
> We are using Apache flink 1.14.3as one of base image in our production. Due to recent upgrade, we have many container security defects. 
> I am using "flink-1.14.3-bin-scala_2.12"in our k8s env.
> Please assist with Flink version having non-vulnerable libraries. List of vulnerable libs are as follows: 
> [7.5] [sonatype-2020-0029] [flink-rpc-akka] [1.14.3]
> [9.1] [CVE-2019-20445] [flink-rpc-akka] [1.14.3]
> [9.1] [CVE-2019-20444] [flink-rpc-akka] [1.14.3]
> [7.5] [CVE-2019-16869] [flink-rpc-akka] [1.14.3]
> [7.5] [sonatype-2020-0029] [flink-rpc-akka-loader] [1.14.3]
> [9.1] [CVE-2019-20445] [flink-rpc-akka-loader] [1.14.3]
> [9.1] [CVE-2019-20444] [flink-rpc-akka-loader] [1.14.3]
> [7.5] [CVE-2019-16869] [flink-rpc-akka-loader] [1.14.3]
> Can you assist with this ?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)