[FLINK-28798] Upgrade JDOM version to 2.0.6.1 in order to resolve CVE-2021-33813 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: 1.13.6
Fix Version/s: None
Component/s: FileSystems
Labels:
None

Description

The flink-oss-fs-hadoop module(flink/flink-filesystems/flink-oss-fs-hadoop/pom.xml) has aliyun-sdk-oss:3.4.1 as dependency. The version of jdom in aliyun-sdk-oss:3.4.1 is 1.1 which is vulnerable. The aliyun-sdk-oss:3.14.1 has jdom:2.0.6.1. Even the flink:1.15 has aliyun-sdk-oss:3.4.1 only. Please upgrade aliyun-sdk-oss to 3.14.1

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Bilna

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Aug/22 07:18

Updated:: 30/Aug/22 12:14

Resolved:: 30/Aug/22 12:14