[ https://issues.apache.org/jira/browse/FLINK-36537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17903486#comment-17903486 ]
Sergey Nuyanzin commented on FLINK-36537: ----------------------------------------- Merged as [b25ef726b3204a03810f3d780629912da8616eb7|https://github.com/apache/flink/commit/b25ef726b3204a03810f3d780629912da8616eb7] > Bump snappy-java from 1.1.10.4 to 1.1.10.7 > ------------------------------------------ > > Key: FLINK-36537 > URL: https://issues.apache.org/jira/browse/FLINK-36537 > Project: Flink > Issue Type: Improvement > Reporter: Siddharth R > Priority: Major > Labels: pull-request-available > > The current version has vulnerability in the dependant package, bumping it to > the latest version will remediate. > *Vulnerabilities from dependencies:* > [CVE-2024-23454|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23454] > [CVE-2022-26612|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26612] > Package details: > [https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.10.7] > -- This message was sent by Atlassian Jira (v8.20.10#820010)