Hi everyone, Little over a year ago a discussion thread was opened on changing the minimal supported version of Hadoop and bringing that to 2.8.5. [1] In this discussion thread, I would like to propose to bring that minimal supported version of Hadoop to 2.10.2.
Hadoop 2.8.5 is vulnerable for multiple CVEs which are classified as Critical. [2] [3]. While Flink is not directly impacted by those, we do see vulnerability scanners flag Flink as being vulnerable. We could easily mitigate that by bumping the minimal supported version of Hadoop to 2.10.2. I'm looking forward to your opinions on this topic. Best regards, Martijn https://twitter.com/MartijnVisser82 https://github.com/MartijnVisser [1] https://lists.apache.org/thread/81fhnwfxomjhyy59f9bbofk9rxpdxjo5 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-25168 [3] https://nvd.nist.gov/vuln/detail/CVE-2022-26612
