[FLINK-24736] Non vulenerable jar files for Apache Flink 1.14.4 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

Hello,

We are using Apache flink 1.14.4 as one of base image in our production. Due to recent upgrade, we have many container security defects.

I am using "flink-1.14.4-bin-scala_2.12"in our k8s env.

Please assist with Flink version having non-vulnerable libraries. List of vulnerable libs are as follows:

[7.5] [CVE-2019-16869] [flink-rpc-akka-loader] [1.14.4]
[9.1] [CVE-2019-20444] [flink-rpc-akka-loader] [1.14.4]
[9.1] [CVE-2019-20445] [flink-rpc-akka-loader] [1.14.4]
[7.5] [sonatype-2019-0115] [flink-rpc-akka-loader] [1.14.4]
[7.5] [sonatype-2020-0029] [flink-rpc-akka-loader] [1.14.4]
[7.5] [CVE-2019-16869] [flink-rpc-akka] [1.14.4]
[9.1] [CVE-2019-20444] [flink-rpc-akka] [1.14.4]
[9.1] [CVE-2019-20445] [flink-rpc-akka] [1.14.4]
[7.5] [sonatype-2019-0115] [flink-rpc-akka] [1.14.4]
[7.5] [sonatype-2020-0029] [flink-rpc-akka] [1.14.4]

Can you assist with this ?

Attachments

Issue Links

is duplicated by

FLINK-28372 Investigate Akka Artery

Open

FLINK-31216 Update kryo to current

Closed

FLINK-31217 Update netty to current

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Parag Somani

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 02/Nov/21 11:57

Updated:: 01/Aug/23 16:58

Resolved:: 27/Feb/23 07:59