[FLINK-36800] Upgrade hadoop-aws to avoid CVE-2019-14887 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.18.1, 1.20.0, 1.19.1, 2.0-preview
Fix Version/s: None
Component/s: Connectors / FileSystem
Labels:
- pull-request-available

Description

wildfly-openssl is used as SSL provider by hadoop-aws.

Currently, Flink depends on hadoop-aws 3.3.4 including wildfly-openssl 1.0.7 being vulnerable. We should update hadoop-aws to include a later version of the SSL provider.

Attachments

Issue Links

links to

GitHub Pull Request #25692

Activity

People

Assignee:: Fabian Paul

Reporter:: Fabian Paul

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Nov/24 11:18

Updated:: 29/Nov/24 09:09