[FLINK-36593] Upgrade io.airlift:aircompressor to mitigate CVE - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0-preview
Fix Version/s: 2.0.0
Component/s: API / Core
Labels:
- pull-request-available

Description

The current version of the aircompressor library (0.21), used in the flink-runtime module, has a vulnerability: CVE-2024-36114.

This can be mitigated by upgrading to version 0.27 of the library.

Attachments

Issue Links

links to

GitHub Pull Request #25567

GitHub Pull Request #25606

Activity

People

Assignee:: Thomas Cooper

Reporter:: Thomas Cooper

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Oct/24 10:52

Updated:: 12/Nov/24 15:33

Resolved:: 25/Oct/24 14:25