Flink / FLINK-15554

Bump jetty-util-ajax to 9.3.24


    Details

      Description

      flink-fs-hadoop-azure has a transitive dependency on jetty-util-ajax:9.3.19, which has a security vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657

      This was fixed in 9.3.24.v20180605 (source). Starting from version 3.2.1 hadoop-azure is using this version as well, but for a quick resolution I propose bumping this single dependency for the time being.
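
A check for the condition this issue describes, as an added example that is not part of the ticket or of Flink's build: it scans `mvn dependency:tree` output for `jetty-util-ajax` versions older than the 9.3.24 fix. The sample tree is constructed, `X.Y.Z` is a placeholder, and only the numeric part of the version is compared against the threshold stated above.

```python
import re

# Fix version from the issue text (9.3.24.v20180605). Only major.minor.patch
# is compared; the ".vYYYYMMDD" build qualifier is ignored (assumption).
FIXED = (9, 3, 24)
TARGET = "org.eclipse.jetty:jetty-util-ajax"

def parse_coord(line):
    """Return ("group:artifact", version) for a dependency:tree line, else None."""
    tokens = line.split()
    if not tokens:
        return None
    fields = tokens[-1].split(":")
    if len(fields) == 5:        # group:artifact:type:version:scope
        group, artifact, _type, version, _scope = fields
    elif len(fields) == 6:      # group:artifact:type:classifier:version:scope
        group, artifact, _type, _classifier, version, _scope = fields
    else:                       # root module line, plugin banner, blank line
        return None
    return f"{group}:{artifact}", version

def numeric_version(version):
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    return tuple(int(x) for x in m.groups()) if m else None

def find_outdated(tree_text, target=TARGET, fixed=FIXED):
    """List every resolved version of `target` that is below `fixed`."""
    hits = []
    for line in tree_text.splitlines():
        coord = parse_coord(line)
        if coord is None or coord[0] != target:
            continue
        ver = numeric_version(coord[1])
        if ver is None or ver < fixed:   # unparseable versions are flagged too
            hits.append(coord[1])
    return hits

# Constructed sample output; X.Y.Z stands in for module versions.
SAMPLE_BEFORE = r"""
[INFO] org.apache.flink:flink-fs-hadoop-azure:jar:X.Y.Z
[INFO] +- org.apache.hadoop:hadoop-azure:jar:X.Y.Z:compile
[INFO] |  \- org.eclipse.jetty:jetty-util-ajax:jar:9.3.19.v20170502:compile
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("9.3.19.v20170502", "9.3.24.v20180605")

if __name__ == "__main__":
    print("before bump:", find_outdated(SAMPLE_BEFORE))
    print("after bump: ", find_outdated(SAMPLE_AFTER))
```

Run against the real tree of a module in CI, a non-empty result can fail the build until the pinned version takes effect.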


            People

            • Assignee:
              chesnay Chesnay Schepler
              Reporter:
              chesnay Chesnay Schepler


                Time Tracking

                • Original Estimate: Not Specified
                • Remaining Estimate: 0h
                • Time Spent: 10m