Hi Tamir and Martjin, We have also noticed this internally. So far, we have found that the *latest* Flink Java 11/Scala 2.12 docker images *1.14, 1.15, and 1.16* are affected, which all have the *openssl 3.0.2 *dependency. It would be good to discuss an emergency release when this patch comes out tomorrow, as it is the highest priority level from their severity rating.
Best, Mason On Mon, Oct 31, 2022 at 1:10 PM Martijn Visser <martijnvis...@apache.org> wrote: > Hi Tamir, > > That depends on a) if Flink is vulnerable and b) if yes, how vulnerable > that would be. > > Best regards, > > Martijn > > Op ma 31 okt. 2022 om 19:22 schreef Tamir Sagi < > tamir.s...@niceactimize.com> > >> Hey all, >> >> Following that link >> >> https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html >> >> due to critical vulnerability , there will be an important release of >> OpenSSl v3.0.7 tomorrow November 1st. >> >> Is there any plan to update Flink with the newest version? >> >> Thanks. >> Tamir >> >> >> Confidentiality: This communication and any attachments are intended for >> the above-named persons only and may be confidential and/or legally >> privileged. Any opinions expressed in this communication are not >> necessarily those of NICE Actimize. If this communication has come to you >> in error you must take no action based on it, nor must you copy or show it >> to anyone; please delete/destroy and inform the sender by e-mail >> immediately. >> Monitoring: NICE Actimize may monitor incoming and outgoing e-mails. >> Viruses: Although we have taken steps toward ensuring that this e-mail >> and attachments are free from any virus, we advise that in keeping with >> good computing practice the recipient should ensure they are actually virus >> free. >> > -- > Martijn > https://twitter.com/MartijnVisser82 > https://github.com/MartijnVisser >
