[ https://issues.apache.org/jira/browse/FLINK-36528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matyas Orhidi updated FLINK-36528:
----------------------------------
    Fix Version/s: kubernetes-operator-1.11.0
                       (was: kubernetes-operator-1.10.0)

> Update org.apache.avro : avro dependency
> ----------------------------------------
>
>                 Key: FLINK-36528
>                 URL: https://issues.apache.org/jira/browse/FLINK-36528
>             Project: Flink
>          Issue Type: Improvement
>          Components: Kubernetes Operator
>    Affects Versions: kubernetes-operator-1.10.0
>            Reporter: Kartik Goyal
>            Assignee: Kartik Goyal
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: kubernetes-operator-1.11.0
>
>
> Update the org.apache.avro : avro package present in flink-beam-example to
> remediate the vulnerabilities associated with this package. It is a
> transitive dependency for beam-sdks-java-core and the current version is 1.8.2.
> Package info:
> [https://mvnrepository.com/artifact/org.apache.avro/avro/1.8.2] 
> Vulnerabilities info:
> Direct vulnerabilities:
> [CVE-2024-47561|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47561]
> [CVE-2023-39410|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410]
> Vulnerabilities from dependencies:
> [CVE-2024-25710|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25710]
> [CVE-2023-43642|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43642]
> [CVE-2023-34455|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34455]
> [CVE-2023-34454|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34454]
> [CVE-2023-34453|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34453]
> [CVE-2021-36090|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090]
> [CVE-2021-35517|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517]
> [CVE-2021-35516|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516]
> [CVE-2021-35515|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515]
> [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]
> [CVE-2019-10202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10202]
> [CVE-2019-10172|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10172]
> [CVE-2018-11771|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771]
> Proposed change solution:
> Bump the version from 1.8.2 to 1.12.0



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
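
One way to carry out the bump described in the issue, shown as an added example that is not taken from the Flink repository or the linked pull request: a Maven fragment that pins the transitive Avro version and fails the build if an older Avro is resolved again. The placement in the flink-beam-example pom.xml, the enforcer plugin version and the execution id are assumptions.

```xml
<!-- Added example: hypothetical fragment for the flink-beam-example pom.xml.
     Only the Avro coordinates and versions (1.8.2 -> 1.12.0) come from the issue. -->
<project>
  <dependencyManagement>
    <dependencies>
      <!-- Override the Avro version that beam-sdks-java-core pulls in
           transitively (1.8.2 according to the issue). -->
      <dependency>
        <groupId>org.apache.avro</groupId>
        <artifactId>avro</artifactId>
        <version>1.12.0</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <build>
    <plugins>
      <!-- Guard against regression: fail the build if any dependency path
           resolves an Avro version below 1.12.0. -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.4.1</version> <!-- assumed plugin version -->
        <executions>
          <execution>
            <id>ban-old-avro</id> <!-- hypothetical execution id -->
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <bannedDependencies>
                  <excludes>
                    <!-- Version range: everything strictly below 1.12.0 -->
                    <exclude>org.apache.avro:avro:(,1.12.0)</exclude>
                  </excludes>
                </bannedDependencies>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

Running `mvn dependency:tree -Dincludes=org.apache.avro:avro` in the module shows which Avro version is actually resolved after the override. Because the override changes the Avro version beam-sdks-java-core runs against, the example job should be re-tested after the bump.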
