I saw the update from them as well, so +1, the downgrade in severity makes
it less urgent for us now and I’m fine with waiting for the next regular
Flink docker release. We would need to wait for the upstream image provider
to patch it as well. Thanks!
Best,
Mason
On Tue, Nov 1, 2022 at 9:18 AM M
Hi all,
Looking at the blog with details
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows it's
shown that the vulnerability has been downgraded to High. I don't think that
warrants an emergency re-release of the images.
Best regards,
Martijn
On Tue, Nov 1, 2022 at 15:06 Ch
We just push new images with the same tags.
On 01/11/2022 14:35, Matthias Pohl wrote:
The Docker image for Flink 1.12.7 uses an older base image which comes with
openssl 1.1.1k. There was a previous post in the OpenSSL mailing list
reporting a low vulnerability being fixed with 3.0.6 and 1.1.1r (both
versions being explicitly mentioned) [1]. Therefore, I understand the post
in a way
Could we also get an emergency patch to 1.12 version as well, because
upgrading Flink to a newer version on production in a short time would be
high in effort and longer in duration as well.
Thanks,
Prasanna
On Tue, Nov 1, 2022 at 11:30 AM Prasanna kumar <
prasannakumarram...@gmail.com> wrote:
Is Flink version 1.12 also affected?
Thanks,
Prasanna.
On Tue, Nov 1, 2022 at 10:40 AM Mason Chen wrote:
Hi Tamir and Martijn,
We have also noticed this internally. So far, we have found that the
*latest* Flink Java 11/Scala 2.12 docker images *1.14, 1.15, and 1.16* are
affected, which all have the *openssl 3.0.2* dependency. It would be good
to discuss an emergency release when this patch comes out
Hi Tamir,
That depends on a) if Flink is vulnerable and b) if yes, how vulnerable
that would be.
Best regards,
Martijn
On Mon, Oct 31, 2022 at 19:22, Tamir Sagi wrote
Hey all,
Following that link
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
due to a critical vulnerability, there will be an important release of OpenSSL
v3.0.7 tomorrow November 1st.
Is there any plan to update Flink with the newest version?
Thanks.
Tamir