Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-19784

Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Closed
    • Priority: Critical
    • Resolution: Won't Fix
    • Affects Version/s: 1.12.0, 1.11.2
    • Fix Version/s: None
    • Component/s: Runtime / Metrics
    • Labels:
      None

      Description

      A user reported a dependency vulnerability which affects okhttp [1]. We should upgrade this dependency to 3.13.0 or newer. The dependency is used by the datadog reporter.

      [1] https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a%40%3Cuser.flink.apache.org%3E

        Attachments

          Activity

            People

            • Assignee:
              rmetzger Robert Metzger
              Reporter:
              trohrmann Till Rohrmann
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: