[ 
https://issues.apache.org/jira/browse/FLINK-24736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17749942#comment-17749942
 ] 

Parag Somani commented on FLINK-24736:
--------------------------------------

This is the reason of security vulnerabilities, we moved away from Flink and 
implemented something similar (with limited capability as per use case demand). 
Also, changed the architecture to address these issues.

I tried an alternate approach, by keeping the source code in git and updating 
the libs as per security issues etc. I tried for a release, but to maintain, 
it is overhead again.

> Non vulnerable jar files for Apache Flink 1.14.4
> ------------------------------------------------
>
>                 Key: FLINK-24736
>                 URL: https://issues.apache.org/jira/browse/FLINK-24736
>             Project: Flink
>          Issue Type: Bug
>            Reporter: Parag Somani
>            Priority: Major
>
> Hello,
> We are using Apache Flink 1.14.4 as one of the base images in our production. 
> Due to a recent upgrade, we have many container security defects.
> I am using "flink-1.14.4-bin-scala_2.12" in our k8s env.
> Please assist with a Flink version having non-vulnerable libraries. The list 
> of vulnerable libs is as follows:
> [7.5] [CVE-2019-16869] [flink-rpc-akka-loader] [1.14.4]       
> [9.1] [CVE-2019-20444] [flink-rpc-akka-loader] [1.14.4]       
> [9.1] [CVE-2019-20445] [flink-rpc-akka-loader] [1.14.4]       
> [7.5] [sonatype-2019-0115] [flink-rpc-akka-loader] [1.14.4]
> [7.5] [sonatype-2020-0029] [flink-rpc-akka-loader] [1.14.4]
> [7.5] [CVE-2019-16869] [flink-rpc-akka] [1.14.4]              
> [9.1] [CVE-2019-20444] [flink-rpc-akka] [1.14.4]              
> [9.1] [CVE-2019-20445] [flink-rpc-akka] [1.14.4]              
> [7.5] [sonatype-2019-0115] [flink-rpc-akka] [1.14.4]  
> [7.5] [sonatype-2020-0029] [flink-rpc-akka] [1.14.4]  
> Can you assist with this ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
