[ https://issues.apache.org/jira/browse/FLINK-19929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Flink Jira Bot updated FLINK-19929:
-----------------------------------
    Labels: auto-deprioritized-major  (was: stale-major)
    Priority: Minor  (was: Major)

This issue was labeled "stale-major" 7 ago and has not received any updates so it is being deprioritized. If this ticket is actually Major, please raise the priority and ask a committer to assign you the issue or revive the public discussion.

> Upgrade Kinesis dependencies to avoid protobuf 2.6.1
> ----------------------------------------------------
>
>                 Key: FLINK-19929
>                 URL: https://issues.apache.org/jira/browse/FLINK-19929
>             Project: Flink
>          Issue Type: Improvement
>          Components: Connectors / Kinesis
>            Reporter: Chesnay Schepler
>            Priority: Minor
>              Labels: auto-deprioritized-major
>             Fix For: 1.14.0
>
>
> Our current Kinesis dependencies (amazon-kinesis-client, amazon-kinesis-producer) depend on protobuf 2.6.1, which are affected by [CVE-2015-5237|https://nvd.nist.gov/vuln/detail/CVE-2015-5237].
> We should look into upgrading the client to 1.14.0, and the producer to 0.14.1.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)