[FLINK-36643] Upgrade aws-java-sdk-core to 1.12.779 to fix vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0, 1.19.2, 1.20.1
Component/s: FileSystems
Labels:
- pull-request-available

Description

The current version of aws-java-sdk-core, used in the flink-s3-fs-base module, has a high severity vulnerability (CVE-2024-21634).

To address this we need to update to version 1.12.773 or higher, 1.12.777 is the current latest version.

Attachments

Issue Links

links to

GitHub Pull Request #25600

GitHub Pull Request #25709

GitHub Pull Request #25719

Activity

People

Assignee:: Thomas Cooper

Reporter:: Thomas Cooper

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 31/Oct/24 15:23

Updated:: 04/Dec/24 22:01

Resolved:: 04/Dec/24 22:01