Could we also get an emergency patch to 1.12 version as well , because upgrading flink to a newer version on production in a short time would be high in effort and longer in duration as well .
Thanks, Prasanna On Tue, Nov 1, 2022 at 11:30 AM Prasanna kumar < prasannakumarram...@gmail.com> wrote: > If flink version 1.12 also affected ? > > Thanks, > Prasanna. > > On Tue, Nov 1, 2022 at 10:40 AM Mason Chen <mas.chen6...@gmail.com> wrote: > >> Hi Tamir and Martjin, >> >> We have also noticed this internally. So far, we have found that the >> *latest* Flink Java 11/Scala 2.12 docker images *1.14, 1.15, and 1.16* >> are affected, which all have the *openssl 3.0.2 *dependency. It would be >> good to discuss an emergency release when this patch comes out tomorrow, as >> it is the highest priority level from their severity rating. >> >> Best, >> Mason >> >> On Mon, Oct 31, 2022 at 1:10 PM Martijn Visser <martijnvis...@apache.org> >> wrote: >> >>> Hi Tamir, >>> >>> That depends on a) if Flink is vulnerable and b) if yes, how vulnerable >>> that would be. >>> >>> Best regards, >>> >>> Martijn >>> >>> Op ma 31 okt. 2022 om 19:22 schreef Tamir Sagi < >>> tamir.s...@niceactimize.com> >>> >>>> Hey all, >>>> >>>> Following that link >>>> >>>> https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html >>>> >>>> due to critical vulnerability , there will be an important release of >>>> OpenSSl v3.0.7 tomorrow November 1st. >>>> >>>> Is there any plan to update Flink with the newest version? >>>> >>>> Thanks. >>>> Tamir >>>> >>>> >>>> Confidentiality: This communication and any attachments are intended >>>> for the above-named persons only and may be confidential and/or legally >>>> privileged. Any opinions expressed in this communication are not >>>> necessarily those of NICE Actimize. If this communication has come to you >>>> in error you must take no action based on it, nor must you copy or show it >>>> to anyone; please delete/destroy and inform the sender by e-mail >>>> immediately. >>>> Monitoring: NICE Actimize may monitor incoming and outgoing e-mails. >>>> Viruses: Although we have taken steps toward ensuring that this e-mail >>>> and attachments are free from any virus, we advise that in keeping with >>>> good computing practice the recipient should ensure they are actually virus >>>> free. >>>> >>> -- >>> Martijn >>> https://twitter.com/MartijnVisser82 >>> https://github.com/MartijnVisser >>> >>
