Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-19929

Upgrade Kinesis dependencies to avoid protobuf 2.6.1

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 1.13.0
    • Component/s: Connectors / Kinesis
    • Labels:
      None

      Description

      Our current Kinesis dependencies (amazon-kinesis-client, amazon-kinesis-producer) depend on protobuf 2.6.1, which are affected by CVE-2015-5237.

      We should look into upgrade the client to 1.14.0, and the producer to 0.14.1 .

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              chesnay Chesnay Schepler
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated: