[jira] [Updated] (FLINK-36602) Upgrade Calcite version to 1.38.0

Martijn Visser (Jira) Thu, 28 Nov 2024 06:51:16 -0800


     [ 
https://issues.apache.org/jira/browse/FLINK-36602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martijn Visser updated FLINK-36602:
-----------------------------------
    Labels:   (was: pull-request-available)

> Upgrade Calcite version to 1.38.0
> ---------------------------------
>
>                 Key: FLINK-36602
>                 URL: https://issues.apache.org/jira/browse/FLINK-36602
>             Project: Flink
>          Issue Type: Improvement
>          Components: Table SQL / API
>    Affects Versions: 2.0-preview
>            Reporter: Thomas Cooper
>            Priority: Major
>
> The currently used Calcite version (1.32) has a high severity vulnerability 
> ([CVE-2023-1370|https://nvd.nist.gov/vuln/detail/CVE-2023-1370]). This can be 
> mitigated by upgrading to Calcite 1.37 or higher (which upgrades the 
> vulnerable json-path library). 
> As [1.38 has been 
> released|https://calcite.apache.org/news/2024/10/15/release-1.38.0/] we 
> should probably upgrade to that.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (FLINK-36602) Upgrade Calcite version to 1.38.0

Reply via email to