Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
flink: 1.9.0 -> 1.11.1, addressing CVE-2020-1960 #95592
Motivation for this change
This is mainly for the eyes of maintainer @mbode to check whether this works acceptably for them. It would be nice to get a bump of the mainline package to as recent a version as possible before 20.09 branches, because future vulnerabilities are unlikely to see releases for older versions.
Note that upstream's 1.5 branch actually has a fix for this CVE @ apache/flink@f9b4e0d, but with no release accompanying it and because this is a binary package, we don't have the possibility of using it as a patch. So it looks like our