If flink version 1.12 also affected ? Thanks, Prasanna.
On Tue, Nov 1, 2022 at 10:40 AM Mason Chen <mas.chen6...@gmail.com> wrote: > Hi Tamir and Martjin, > > We have also noticed this internally. So far, we have found that the > *latest* Flink Java 11/Scala 2.12 docker images *1.14, 1.15, and 1.16* > are affected, which all have the *openssl 3.0.2 *dependency. It would be > good to discuss an emergency release when this patch comes out tomorrow, as > it is the highest priority level from their severity rating. > > Best, > Mason > > On Mon, Oct 31, 2022 at 1:10 PM Martijn Visser <martijnvis...@apache.org> > wrote: > >> Hi Tamir, >> >> That depends on a) if Flink is vulnerable and b) if yes, how vulnerable >> that would be. >> >> Best regards, >> >> Martijn >> >> Op ma 31 okt. 2022 om 19:22 schreef Tamir Sagi < >> tamir.s...@niceactimize.com> >> >>> Hey all, >>> >>> Following that link >>> >>> https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html >>> >>> due to critical vulnerability , there will be an important release of >>> OpenSSl v3.0.7 tomorrow November 1st. >>> >>> Is there any plan to update Flink with the newest version? >>> >>> Thanks. >>> Tamir >>> >>> >>> Confidentiality: This communication and any attachments are intended for >>> the above-named persons only and may be confidential and/or legally >>> privileged. Any opinions expressed in this communication are not >>> necessarily those of NICE Actimize. If this communication has come to you >>> in error you must take no action based on it, nor must you copy or show it >>> to anyone; please delete/destroy and inform the sender by e-mail >>> immediately. >>> Monitoring: NICE Actimize may monitor incoming and outgoing e-mails. >>> Viruses: Although we have taken steps toward ensuring that this e-mail >>> and attachments are free from any virus, we advise that in keeping with >>> good computing practice the recipient should ensure they are actually virus >>> free. >>> >> -- >> Martijn >> https://twitter.com/MartijnVisser82 >> https://github.com/MartijnVisser >> >
