Posted to commits@flink.apache.org by ch...@apache.org on 2019/11/21 11:02:59 UTC

[flink] 03/04: Add building instructions

This is an automated email from the ASF dual-hosted git repository.

chesnay pushed a commit to branch release-1.8
in repository https://gitbox.apache.org/repos/asf/flink.git

commit fef8a9722586f5bbb3b1ca2aa44ffdb006659c51
Author: Chesnay Schepler <ch...@apache.org>
AuthorDate: Wed Nov 20 11:39:55 2019 +0100

    Add building instructions
---
 docs/flinkDev/building.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/flinkDev/building.md b/docs/flinkDev/building.md
index 56cf928..069f93d 100644
--- a/docs/flinkDev/building.md
+++ b/docs/flinkDev/building.md
@@ -138,5 +138,15 @@ The workaround is to add:
 
 in the compiler configuration of the `pom.xml` file of the module causing the error. For example, if the error appears in the `flink-yarn` module, the above code should be added under the `<configuration>` tag of `scala-maven-plugin`. See [this issue](https://issues.apache.org/jira/browse/FLINK-2003) for more information.
 
+## Jackson
+
+Multiple Flink components use [Jackson](https://github.com/FasterXML/jackson). Older versions of jackson (<`2.10.1`) are subject to a variety of security vulnerabilities.
+
+Flink 1.8.3+ offers an opt-in profile (`use-jackson-2.10.1`) for building Flink against Jackson `2.10.1`; including `jackson-annotations`, `jackson-core` and `jackson-databind`.
+
+Usage: `mvn package -Puse-jackson-2.10.1`
+
+When you build a maven application against this Flink version it is recommended to bump the `maven-shade-plugin` version to at least `3.1.1` to prevent packaging errors.
+
 {% top %}
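
Review bot: The claim in the new Jackson section that older versions "are subject to a variety of security vulnerabilities" gives the reader nothing to verify. Link the relevant advisories or a tracking issue, as the paragraph above does for FLINK-2003, so users can judge whether they need the profile. Since `use-jackson-2.10.1` is described as opt-in, the section should also say which Jackson version a build without the profile uses, so it is clear that the default artifacts are not covered by this change. The last added sentence should name the packaging errors that bumping `maven-shade-plugin` to `3.1.1` prevents. Minor: capitalise "jackson" and "maven" consistently with "Jackson" earlier in the paragraph, and replace the semicolon before "including" with a comma.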