Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-29710

Upgrade the minimal supported hadoop version to 2.10.2

    XMLWordPrintableJSON

Details

    • The minimum Hadoop version supported by Apache Flink has been updated to version 2.10.2. For Hadoop 3, the minimum Hadoop version that is now supported is version 3.2.3.

    Description

      Hadoop 2.8.5 is vulnerable for multiple CVEs such as https://nvd.nist.gov/vuln/detail/CVE-2022-25168 and https://nvd.nist.gov/vuln/detail/CVE-2022-26612 which are classified as Critical. While Flink is not directly impacted by those, we do see vulnerability scanners flag Flink as being vulnerable. We could easily mitigate that by bumping the minimal supported version of Hadoop to 2.10.2.

      Please note that this doesn't break the binary protocol compatibility, which means that 2.10.2 client can still talk to older servers.

      Discussion thread: https://lists.apache.org/thread/tgw2dmnoxm7sdwyjohskmvpk3pdd3qvm

      Attachments

        Issue Links

          fixes

          Bug - A problem which impairs or prevents the functions of the product. FLINK-15534 YARNSessionCapacitySchedulerITCase#perJobYarnClusterWithParallelism failed due to NPE

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          links to

          Web Link GitHub Pull Request #21128

          Web Link GitHub Pull Request #21392

          Activity

            People

              martijnvisser Martijn Visser
              martijnvisser Martijn Visser
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: