Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7

2021-07-03 Thread Debraj Manna
Thanks again for replying. Can you please provide a bit more explanation about the flink-hadoop-fs? It is coming from flink-streaming. The relevant dependency tree looks like below. How can I use a different version of hadoop in this case?
+- org.apache.flink:flink-streaming-java_2.12:jar:1.13.1:

Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7

2021-07-03 Thread Chesnay Schepler
The Kafka one is incorrect because the 1.13.1 connector relies on Kafka 2.4.1. Whether the hadoop-fs ones are relevant for you depends entirely on which Hadoop version you are using, because we expect the user to provide Hadoop (and you can use later and more secure versions if you wish). IOW

Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7

2021-07-03 Thread Debraj Manna
Thanks for replying. But I am also observing the following being flagged
*flink-hadoop-fs-1.13.1*
- *CVE-2016-5001*
- *CVE-2017-3161*
- *CVE-2017-3162*

Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7

2021-07-02 Thread Chesnay Schepler
It's unlikely to be relevant for you since the vulnerability only affects the scaladocs, i.e., documentation.
On 7/2/2021 2:10 PM, Debraj Manna wrote:
> Hi, I was running owasp-dependency-check in a java application based on flink-1.13.0 (scala

owasp-dependency-check is flagging flink 1.13 for scala 2.12.7

2021-07-02 Thread Debraj Manna
Hi, I was running owasp-dependency-check in a java application based on flink-1.13.0 (scala 2.12). scala 2.12.7 was getting flagged for this