Adam Roberts created FLINK-21546:
------------------------------------
Summary: Upgrade io.netty netty-codec in Flink (four findings)
Key: FLINK-21546
URL:
https://issues.apache.org/jira/browse/FLINK-21546 Project: Flink
Issue Type: Bug
Reporter: Adam Roberts
Hi everyone, have been raising plenty of JIRAs after doing a Twistlock container scan for Flink 1.11.3 and Hadoop 3.3.1 snapshot, for Flink itself (so without using Hadoop) I've noticed the following libraries in use (unfortunately I don't get a path where, but somewhere in Flink they must be, or in a dependent jar?).
{{{"fixed in 4.1.46","packageName":"io.netty_netty-codec","packageVersion":"4.1.34.Final"}}}
{{{"fixed in 4.1.44","packageName":"io.netty_netty-codec","packageVersion":"4.1.34.Final"}}}
{{{"fixed in 4.1.44","packageName":"io.netty_netty-codec","packageVersion":"4.1.34.Final"}}}{{}}
{{{fixed in 4.1.42.Final","packageName":"io.netty_netty-codec","packageVersion":"4.1.34.Final"}}}
{{}}
https://issues.apache.org/jira/browse/HADOOP-17556 may be useful as well
Could we move up to Netty 4.1.46 (or something even newer?) across everything Flink's using? Again, I apologise for not having the paths to figure out what exactly is using it, but perhaps folks working directly with Flink may have a clue? Thanks
{{}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)