Adam Roberts created FLINK-21670:
------------------------------------
Summary: Bump log4j version to 2.8.2
Key: FLINK-21670
URL:
https://issues.apache.org/jira/browse/FLINK-21670 Project: Flink
Issue Type: Bug
Reporter: Adam Roberts
Hey everyone, another Twistlock scan done and, in the same manner as
https://issues.apache.org/jira/browse/STORM-2528, it appears the Flink Python jar's impacted
Apparently we're using version 2.6.2 and bumping to 2.8.2 should be sufficient to remediate at least this potential problem [
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5645]
I've done this scan against both 1.13 and 1.12.2, so ideally should be fixed in both if possible please. Cheers!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
