Details
- Technical Debt
- Status: Closed
- Major
- Resolution: Fixed
- None
The minimum Hadoop version supported by Apache Flink has been updated to version 2.10.2. For Hadoop 3, the minimum Hadoop version that is now supported is version 3.2.3.
Description
Hadoop 2.8.5 is vulnerable to multiple CVEs, such as https://nvd.nist.gov/vuln/detail/CVE-2022-25168 and https://nvd.nist.gov/vuln/detail/CVE-2022-26612, which are classified as Critical. While Flink is not directly impacted by those, we do see vulnerability scanners flag Flink as being vulnerable. We could easily mitigate that by bumping the minimal supported version of Hadoop to 2.10.2.
Please note that this doesn't break the binary protocol compatibility, which means that a 2.10.2 client can still talk to older servers.
Discussion thread: https://lists.apache.org/thread/tgw2dmnoxm7sdwyjohskmvpk3pdd3qvm
Issue Links
- fixes: FLINK-15534 YARNSessionCapacitySchedulerITCase#perJobYarnClusterWithParallelism failed due to NPE (Closed)