Parag Somani created FLINK-24736:
------------------------------------
Summary: Non vulenerable jar files for Apache Flink 1.14.0
Key: FLINK-24736
URL: https://issues.apache.org/jira/browse/FLINK-24736
Project: Flink
Issue Type: Bug
Reporter: Parag Somani
Hello,
We are using Apache flink 1.14.0 as one of base image in our production. Due to
recent upgrade, we have many container security defects.
I am using "flink-1.14.0-bin-scala_2.12"in our k8s env.
Please assist with Flink version having non-vulnerable libraries. List of
vulnerable libs are as follows:
# [7.5] [sonatype-2020-0029] [flink-rpc-akka-loader] [1.14.0]
# [7.5] [sonatype-2019-0115] [flink-rpc-akka-loader] [1.14.0]
# [9.1] [CVE-2019-20445] [flink-rpc-akka-loader] [1.14.0]
# [9.1] [CVE-2019-20444] [flink-rpc-akka-loader] [1.14.0]
# [7.5] [CVE-2019-16869] [flink-rpc-akka-loader] [1.14.0]
# [7.5] [sonatype-2019-0115] [scala-compiler] [2.12.7]
# [7.5] [sonatype-2019-0115] [jquery] [1.8.2]
# [7.5] [sonatype-2020-0029] [flink-runtime] [1.14.0]
# [7.5] [sonatype-2019-0115] [flink-runtime] [1.14.0]
# [9.1] [CVE-2019-20445] [flink-runtime] [1.14.0]
# [9.1] [CVE-2019-20444] [flink-runtime] [1.14.0]
# [7.5] [CVE-2019-16869] [flink-runtime] [1.14.0]
# [7.5] [sonatype-2020-0029] [flink-rpc-akka] [1.14.0]
# [7.5] [sonatype-2019-0115] [flink-rpc-akka] [1.14.0]
# [9.1] [CVE-2019-20445] [flink-rpc-akka] [1.14.0]
# [9.1] [CVE-2019-20444] [flink-rpc-akka] [1.14.0]
# [7.5] [CVE-2019-16869] [flink-rpc-akka] [1.14.0]
# [9.8] [CVE-2019-17571] [log4j] [1.2.17]
Can you assist with this ?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
