Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-23542

Upgrade Checkstyle to at least 8.29

    XMLWordPrintableJSON

    Details

    • Type: Technical Debt
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Build System

      Description

      Checkstyle version < 8.29 are still vulnerable to XML External Entity (XXE) Processing due to an incomplete fix for CVE-2019-9658.

      Impact
      User: Build Maintainers
      This vulnerability probably doesn't impact Maven/Gradle users as, in most cases, these builds are processing files that are trusted, or pre-vetted by a pull request reviewer before being run on internal CI infrastructure.
      
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                MartijnVisser Martijn Visser
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: