flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fabian Hueske (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-8308) Update yajl-ruby dependency to 1.3.1 or higher
Date Wed, 31 Jan 2018 13:44:00 GMT

    [ https://issues.apache.org/jira/browse/FLINK-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16346841#comment-16346841
] 

Fabian Hueske commented on FLINK-8308:
--------------------------------------

I don't see a problem in updating the dependencies since this is "just" tooling for Flink
developers. 
So we would not break any user code. Of course, we have to verify that the docs are still
compiling correctly after the update.

[~uce] What is this docker build environment and why does it require Ruby?

 

> Update yajl-ruby dependency to 1.3.1 or higher
> ----------------------------------------------
>
>                 Key: FLINK-8308
>                 URL: https://issues.apache.org/jira/browse/FLINK-8308
>             Project: Flink
>          Issue Type: Task
>          Components: Project Website
>            Reporter: Fabian Hueske
>            Assignee: Steven Langbroek
>            Priority: Critical
>             Fix For: 1.5.0, 1.4.1
>
>
> We got notified that yajl-ruby < 1.3.1, a dependency which is used to build the Flink
website, has a  security vulnerability of high severity.
> We should update yajl-ruby to 1.3.1 or higher.
> Since the website is built offline and served as static HTML, I don't think this is a
super critical issue (please correct me if I'm wrong), but we should resolve this soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message