[jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088

Chesnay Schepler (Jira) Tue, 20 Jul 2021 23:54:08 -0700


    [ 
https://issues.apache.org/jira/browse/FLINK-23444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17384698#comment-17384698
 ]


Chesnay Schepler commented on FLINK-23444:
------------------------------------------

That vulnerability applies to _slf4j-ext_, which Flink does not depend on.

> Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088
> ----------------------------------------------------------
>
>                 Key: FLINK-23444
>                 URL: https://issues.apache.org/jira/browse/FLINK-23444
>             Project: Flink
>          Issue Type: Improvement
>          Components: API / Core
>    Affects Versions: 1.11.3, 1.13.0, 1.12.3, 1.13.1
>            Reporter: Hui Wang
>            Priority: Major
>
> Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088 [1] . When can 
> Flink be upgraded to a more secure version?
> [1] https://nvd.nist.gov/vuln/detail/CVE-2018-8088



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088

Reply via email to