Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-21411

The components on which Flink depends may contain vulnerabilities. If yes, fix them.

    XMLWordPrintableJSON

Details

    Description

      In Flink v1.11.3 contains mesos(version: 1.0.1) okhttp(version: 3.7.0) log4j(version:2.12.1) netty(version:3.10.6) jackson-databind(2.10.1) jackson(version:2.10.1) and bzip2(version:1.0.6). There are many vulnerabilities, like CVE-2017-7687,CVE-2017-9790,CVE-2018-8023,CVE-2018-20200,CVE-2020-9488,CVE-2019-20444,CVE-2019-20445,CVE-2019-16869,CVE-2020-25649,CVE-2020-25649,CVE-2019-12900,CVE-2016-3189,CVE-2018-8088 etc. please confirm these version and fix. thx

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. FLINK-21670 Bump log4j versions (two places - 2.8.2 for Python, 2.13.2 elsewhere)

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          links to

          Web Link GitHub Pull Request #16568

          Web Link GitHub Pull Request #16569

          Web Link GitHub Pull Request #16572

          Web Link GitHub Pull Request #16573

          Activity

            People

              yunta Yun Tang
              crazyinner dgbro
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: