We are aware of that; it was also mentioned in the blogpost.
On 17/12/2021 07:17, wenlong.lwl wrote:
Hi, @Chesnay Schepler <ches...@apache.org> I want to forward a feedback
from the user mailing list, the jars of the new patch releases are not
available at the central maven repo. example:
https://mvnrepository.com/artifact/org.apache.flink/flink-streaming-java
Best,
Wenlong
On Fri, 17 Dec 2021 at 01:27, Chesnay Schepler <ches...@apache.org> wrote:
The Apache Flink community has released emergency bugfix versions of
Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
These releases include a version upgrade for Log4j to address
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
We highly recommend all users to upgrade to the respective patch release.
The releases are available for download at:
https://flink.apache.org/downloads.html
Please check out the release blog post for further details:
https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
Regards,
Chesnay