同学,您这个项目引入了35个开源组件,存在4个漏洞,辛苦升级一下 #4
Comments
|
好的
kwai ***@***.***> 于2022年3月11日周五 09:50写道:
… @jeff-zou <https://github.com/jeff-zou>
,同学,您好,上面的漏洞报告是我IDE运行时,安全插件提示您这个项目存在的几个漏洞的报告,辛苦您修复一下哈,担心其他人也会用到你这个项目,从而引入这些漏洞。:)
—
Reply to this email directly, view it on GitHub
<#4 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFNV7R2JH2CYYDOIRBZMPBDU7KRFZANCNFSM5QOJYIVQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
看了一下漏洞信息,这个是由于使用了flink-streaming-java
1.13.2包引起的,log4j的漏洞,不过我引入这个包的scope是provided,所以在生产环境不会有问题。
不过还是升级一下flink版本至1.13.5,麻烦更新再看一下。
jeff zou ***@***.***> 于2022年3月11日周五 15:45写道:
… 好的
kwai ***@***.***> 于2022年3月11日周五 09:50写道:
> @jeff-zou <https://github.com/jeff-zou>
> ,同学,您好,上面的漏洞报告是我IDE运行时,安全插件提示您这个项目存在的几个漏洞的报告,辛苦您修复一下哈,担心其他人也会用到你这个项目,从而引入这些漏洞。:)
>
> —
> Reply to this email directly, view it on GitHub
> <#4 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AFNV7R2JH2CYYDOIRBZMPBDU7KRFZANCNFSM5QOJYIVQ>
> .
> Triage notifications on the go with GitHub Mobile for iOS
> <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
> or Android
> <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
>
> You are receiving this because you were mentioned.Message ID:
> ***@***.***>
>
|
|
另外我今天增加了sink缓存功能,请知悉。
jeff zou ***@***.***> 于2022年3月11日周五 16:29写道:
… 看了一下漏洞信息,这个是由于使用了flink-streaming-java
1.13.2包引起的,log4j的漏洞,不过我引入这个包的scope是provided,所以在生产环境不会有问题。
不过还是升级一下flink版本至1.13.5,麻烦更新再看一下。
jeff zou ***@***.***> 于2022年3月11日周五 15:45写道:
> 好的
>
> kwai ***@***.***> 于2022年3月11日周五 09:50写道:
>
>> @jeff-zou <https://github.com/jeff-zou>
>> ,同学,您好,上面的漏洞报告是我IDE运行时,安全插件提示您这个项目存在的几个漏洞的报告,辛苦您修复一下哈,担心其他人也会用到你这个项目,从而引入这些漏洞。:)
>>
>> —
>> Reply to this email directly, view it on GitHub
>> <#4 (comment)>,
>> or unsubscribe
>> <https://github.com/notifications/unsubscribe-auth/AFNV7R2JH2CYYDOIRBZMPBDU7KRFZANCNFSM5QOJYIVQ>
>> .
>> Triage notifications on the go with GitHub Mobile for iOS
>> <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
>> or Android
>> <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
>>
>> You are receiving this because you were mentioned.Message ID:
>> ***@***.***>
>>
>
|
|
fixed by update flink version |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
检测到 jeff-zou/flink-connector-redis 一共引入了35个开源组件,存在4个漏洞
另外还有4个漏洞,详细报告:https://mofeisec.com/jr?p=aa6651
The text was updated successfully, but these errors were encountered: