---------- Forwarded message ----------
From: Apache Security Team <[hidden email]>
Date: Thu, Jul 26, 2018 at 6:04 PM
Subject: Fwd: [apache/flink-web] One of your dependencies may have a security vulnerability
To: [hidden email]

Hi Flink PMC,

we are still receiving this notification from github.

Regards,
Yann.

---------- Forwarded message ----------
From: GitHub <[hidden email]>
Date: Wed, Jul 25, 2018 at 3:43 PM
Subject: [apache/flink-web] One of your dependencies may have a security vulnerability
To: apache/flink-web <[hidden email]>
Cc: Security alert <[hidden email]>

We found a potential security vulnerability in one of your dependencies

*asfsecurity,*

We found a potential security vulnerability in a repository for which you have been granted security alert access.

apache/flink-web <https://github.com/apache/flink-web>

Known *high severity* security vulnerability detected in yajl-ruby < 1.3.1 defined in Gemfile <https://github.com/apache/flink-web/blob/asf-site/Gemfile>.

Gemfile <https://github.com/apache/flink-web/blob/asf-site/Gemfile> update suggested: yajl-ruby ~> 1.3.1.

Always verify the validity and compatibility of suggestions with your codebase.

Review vulnerable dependency <https://github.com/apache/flink-web/network/dependencies>

Only users who have been assigned access to security alerts will receive these notifications.
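As an added illustration (not part of the thread, and not the change made in the pull request mentioned in the replies), this Ruby script checks a `Gemfile.lock` against the alert's threshold and lists gems whose own constraint on yajl-ruby would reject the first fixed release. The lockfile text and the `example-highlighter` gem are constructed sample input, and the function names are hypothetical.

```ruby
require "rubygems"

FIXED_IN   = Gem::Version.new("1.3.1")         # alert: yajl-ruby < 1.3.1 is affected
SUGGESTION = Gem::Requirement.new("~> 1.3.1")  # alert's suggestion: >= 1.3.1 and < 1.4

# Constructed sample lockfile (not flink-web's real one); example-highlighter is hypothetical.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-highlighter (0.6.3)
        yajl-ruby (~> 1.2.0)
      yajl-ruby (1.2.3)

  DEPENDENCIES
    example-highlighter
LOCK

# Returns { name => { version: Gem::Version, deps: { dep_name => Gem::Requirement } } }.
# In a lockfile, resolved gems are indented 4 spaces and their dependencies 6 spaces.
def parse_specs(lock_text)
  specs = {}
  current = nil
  lock_text.each_line do |line|
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      # Drop a platform suffix such as "-x86_64-linux" before parsing the version.
      current = specs[m[1]] = { version: Gem::Version.new(m[2].split("-").first), deps: {} }
    elsif current && (m = line.match(/\A {6}(\S+)(?: \(([^)]+)\))?\s*\z/))
      reqs = m[2] ? m[2].split(/,\s*/) : [">= 0"]
      current[:deps][m[1]] = Gem::Requirement.new(*reqs)
    end
  end
  specs
end

# Classifies the locked version and names gems that pin the dependency below the fix.
def audit(lock_text, gem_name: "yajl-ruby")
  specs  = parse_specs(lock_text)
  locked = specs[gem_name]
  return { status: :absent, blockers: [] } unless locked

  # A parent blocks the upgrade if its constraint rejects FIXED_IN, the lowest
  # version the suggestion allows.
  blockers = specs.select { |_, s| (r = s[:deps][gem_name]) && !r.satisfied_by?(FIXED_IN) }.keys
  status = if locked[:version] < FIXED_IN then :vulnerable
           elsif SUGGESTION.satisfied_by?(locked[:version]) then :ok
           else :outside_suggestion
           end
  { status: status, locked: locked[:version].to_s, blockers: blockers }
end

p audit(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

A non-empty `blockers` list means that raising the version in the Gemfile alone will not resolve, because the parent gem has to be upgraded or replaced as well.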
We fixed this for the Flink docs a while back in https://github.com/apache/flink/pull/5395, but didn't think of the flink-web repo which uses a similar setup to our docs.

If somebody has time to look into this, we can follow the above PR to apply the same changes.

– Ufuk

On Fri, Jul 27, 2018 at 10:20 AM, Stephan Ewen <[hidden email]> wrote:
> ---------- Forwarded message ----------
> From: Apache Security Team <[hidden email]>
> Date: Thu, Jul 26, 2018 at 6:04 PM
> Subject: Fwd: [apache/flink-web] One of your dependencies may have a security vulnerability
> To: [hidden email]
>
> Hi Flink PMC,
>
> we are still receiving this notification from github.
>
> Regards,
> Yann.
I've filed this under FLINK-10007 [1].

Cheers, Fabian

[1] https://issues.apache.org/jira/browse/FLINK-10007

2018-08-02 11:10 GMT+02:00 Ufuk Celebi <[hidden email]>:
> We fixed this for the Flink docs a while back in
> https://github.com/apache/flink/pull/5395, but didn't think of the
> flink-web repo which uses a similar setup to our docs.
>
> If somebody has time to look into this, we can follow the above PR to
> apply the same changes.
>
> – Ufuk