tomncooper opened a new pull request, #25709:
URL: https://github.com/apache/flink/pull/25709

   ## What is the purpose of the change
   
   This is backport of #25600. 
   
   The current version of `aws-java-sdk-core`, used in the `flink-s3-fs-base` 
module, has a high severity vulnerability 
([CVE-2024-21634](https://nvd.nist.gov/vuln/detail/CVE-2024-21634)).
   
   To address this we need to update to version 1.12.773 or higher, 1.12.779 is 
the current latest version.
   
   ## Brief change log
   
   Update the `aws-java-sdk-core` version used in `flink-s3-fs-base` to 
1.12.779. 
   
   ## Verifying this change
   
   This change is already covered by existing tests in the `flink-s3-fs-base` 
module.
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): yes
     - The public API, i.e., is any changed class annotated with 
`@Public(Evolving)`: no
     - The serializers: no
     - The runtime per-record code paths (performance sensitive): no
     - Anything that affects deployment or recovery: JobManager (and its 
components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
     - The S3 file system connector: yes
   
   ## Documentation
   
     - Does this pull request introduce a new feature? no
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to