You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2022/10/14 08:24:36 UTC

[GitHub] [flink] snuyanzin opened a new pull request, #21064: [FLINK-29638][connectors][filesystems][formats] Update Jackson-BOM to 2.13.4.2

snuyanzin opened a new pull request, #21064:
URL: https://github.com/apache/flink/pull/21064

   ## What is the purpose of the change
   Update multiple Jackson dependencies to 2.13.4.2 to fix CVE-2022-42003 
   
   
   ## Brief change log
   
   * Updated POM file
   
   
   ## Verifying this change
   
   This change is a trivial rework / code cleanup without any test coverage.
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): (yes )
     - The public API, i.e., is any changed class annotated with `@Public(Evolving)`: ( no)
     - The serializers: ( no )
     - The runtime per-record code paths (performance sensitive): (no)
     - Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: (no)
     - The S3 file system connector: (no)
   
   ## Documentation
   
     - Does this pull request introduce a new feature? ( no)
     - If yes, how is the feature documented? (not applicable )
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flink] flinkbot commented on pull request #21064: [FLINK-29638][connectors][filesystems][formats] Update Jackson-BOM to 2.13.4.2

Posted by GitBox <gi...@apache.org>.

flinkbot commented on PR #21064:
URL: https://github.com/apache/flink/pull/21064#issuecomment-1278683751

   <!--
   Meta data
   {
     "version" : 1,
     "metaDataEntries" : [ {
       "hash" : "4b5cffa4145309b2e592cdc7bd2c228e506304d4",
       "status" : "UNKNOWN",
       "url" : "TBD",
       "triggerID" : "4b5cffa4145309b2e592cdc7bd2c228e506304d4",
       "triggerType" : "PUSH"
     } ]
   }-->
   ## CI report:
   
   * 4b5cffa4145309b2e592cdc7bd2c228e506304d4 UNKNOWN
   
   <details>
   <summary>Bot commands</summary>
     The @flinkbot bot supports the following commands:
   
    - `@flinkbot run azure` re-run the last Azure build
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flink] snuyanzin commented on pull request #21064: [FLINK-29638][connectors][filesystems][formats] Update Jackson-BOM to 2.13.4.2 because of CVE-2022-42003

Posted by GitBox <gi...@apache.org>.

snuyanzin commented on PR #21064:
URL: https://github.com/apache/flink/pull/21064#issuecomment-1278910720

   @flinkbot run azure
   
   failure seems related to https://issues.apache.org/jira/browse/FLINK-29387


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flink] XComp merged pull request #21064: [FLINK-29638][connectors][filesystems][formats] Update Jackson-BOM to 2.13.4.2 because of CVE-2022-42003

Posted by GitBox <gi...@apache.org>.

XComp merged PR #21064:
URL: https://github.com/apache/flink/pull/21064


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flink] XComp commented on pull request #21064: [FLINK-29638][connectors][filesystems][formats] Update Jackson-BOM to 2.13.4.2 because of CVE-2022-42003

Posted by GitBox <gi...@apache.org>.

XComp commented on PR #21064:
URL: https://github.com/apache/flink/pull/21064#issuecomment-1283730778

   I created backports for 1.16 (and 1.15) to speed things up and to make the change more likely to go into 1.16.0. Please have a look at the PRs, @snuyanzin 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org