[ https://issues.apache.org/jira/browse/FLINK-36510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17891358#comment-17891358 ]
Grace Grimwood commented on FLINK-36510:
----------------------------------------

Fully agree, it makes sense to remove Netty 3 from the last 1.x support release so anyone who has to wait to upgrade to 2.0 isn't stuck with all those CVEs :)
I've opened PR [#25550|https://github.com/apache/flink/pull/25550] against release-1.20 to backport this.

> Upgrade Pekko from 1.0.1 to 1.1.2
> ---------------------------------
>
> Key: FLINK-36510
> URL: https://issues.apache.org/jira/browse/FLINK-36510
> Project: Flink
> Issue Type: Technical Debt
> Components: Runtime / Coordination
> Affects Versions: 1.20.0, 1.19.1, 2.0-preview
> Reporter: Grace Grimwood
> Assignee: Grace Grimwood
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.0.0
>
>
> Updates Pekko dependency to 1.1.2 which in turn upgrades Netty 3 to 4
> (addressing FLINK-29065 and removing several CVEs from Flink). Pekko 1.1 also
> upgrades other dependencies such as slf4j and Jackson. For more details see
> the [Pekko 1.1 release
> notes|https://pekko.apache.org/docs/pekko/current/release-notes/releases-1.1.html].

--
This message was sent by Atlassian Jira (v8.20.10#820010)