[
https://issues.apache.org/jira/browse/FLINK-34955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834779#comment-17834779
]
Jiabao Sun commented on FLINK-34955:
------------------------------------
I have rechecked the dependency of `commons-codec` in `commons-compress` and it
is no longer optional. Even if upgraded to 1.26.1, `commons-codec` will still
be a transitive dependency.
Sorry for the disturbance.
> Upgrade commons-compress to 1.26.0
> ----------------------------------
>
> Key: FLINK-34955
> URL: https://issues.apache.org/jira/browse/FLINK-34955
> Project: Flink
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.18.2, 1.20.0, 1.19.1
>
>
> commons-compress 1.24.0 has CVE issues, try to upgrade to 1.26.0, we can
> refer to the maven link
> https://mvnrepository.com/artifact/org.apache.commons/commons-compress
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
