Hi, your project pulls in 35 open-source components and has 4 vulnerabilities; please upgrade when you can #4
Comments
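OK
On Fri, Mar 11, 2022 at 09:50, kwai ***@***.***> wrote:
… @jeff-zou <https://github.com/jeff-zou>, hello, the vulnerability report above comes from a security plugin in my IDE, which flagged several vulnerabilities in your project when I ran it. Please fix them when you can; I'm concerned that other people will also use your project and pull these vulnerabilities in. :)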
|
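I looked at the vulnerability information. It is caused by using the flink-streaming-java 1.13.2 package; it is the log4j vulnerability. However, I import this package with scope provided, so there will be no problem in the production environment.
Still, I will upgrade the Flink version to 1.13.5; please update and take another look.
On Fri, Mar 11, 2022 at 15:45, jeff zou ***@***.***> wrote:
… OK
On Fri, Mar 11, 2022 at 09:50, kwai ***@***.***> wrote:
> @jeff-zou <https://github.com/jeff-zou>, hello, the vulnerability report above comes from a security plugin in my IDE, which flagged several vulnerabilities in your project when I ran it. Please fix them when you can; I'm concerned that other people will also use your project and pull these vulnerabilities in. :)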
|
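An added example, not part of this thread or the project's code: a small Python check that reads a pom.xml and reports, for each direct dependency, its scope, whether Maven would ship it with the artifact, and whether its version is below a required floor, which is the triage the reply above applies to flink-streaming-java. The pom content, the `flink-streaming-java_2.12` artifact id (Scala suffix assumed), the `client-lib` entry and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Scopes whose jars Maven packages or passes on to consumers of the artifact.
SHIPPED_SCOPES = {"compile", "runtime"}

# Constructed sample pom.xml (not the project's real file); artifact ids are assumptions.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>sample-connector</artifactId><version>0.1</version>
  <properties><flink.version>1.13.2</flink.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.flink</groupId><artifactId>flink-streaming-java_2.12</artifactId>
      <version>${flink.version}</version><scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>example</groupId><artifactId>client-lib</artifactId><version>2.0.1</version>
    </dependency>
  </dependencies>
</project>"""

def version_key(v):
    """Turn '1.13.2' into (1, 13, 2); non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def triage(pom_text, floors):
    """Return one row per direct dependency: scope, shipped?, below floor?"""
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}")[1]: (p.text or "") for p in root.findall("m:properties/*", NS)}
    rows = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        get = lambda tag: (dep.findtext("m:" + tag, default="", namespaces=NS) or "").strip()
        version = get("version")
        if version.startswith("${") and version.endswith("}"):
            version = props.get(version[2:-1], version)  # resolve ${property}
        scope = get("scope") or "compile"  # Maven's default scope
        floor = floors.get(get("artifactId"))
        rows.append({
            "artifact": get("artifactId"), "version": version, "scope": scope,
            "shipped": scope in SHIPPED_SCOPES,
            "below_floor": bool(floor) and version_key(version) < version_key(floor),
        })
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_POM, {"flink-streaming-java_2.12": "1.13.5"}):
        print(row)
```

A `provided` dependency is supplied by the runtime rather than packaged, so the version installed on the Flink cluster itself is what a follow-up check should look at.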
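Also, I added a sink caching feature today, for your information.
On Fri, Mar 11, 2022 at 16:29, jeff zou ***@***.***> wrote:
… I looked at the vulnerability information. It is caused by using the flink-streaming-java 1.13.2 package; it is the log4j vulnerability. However, I import this package with scope provided, so there will be no problem in the production environment.
Still, I will upgrade the Flink version to 1.13.5; please update and take another look.
On Fri, Mar 11, 2022 at 15:45, jeff zou ***@***.***> wrote:
> OK
>
> On Fri, Mar 11, 2022 at 09:50, kwai ***@***.***> wrote:
>
>> @jeff-zou <https://github.com/jeff-zou>, hello, the vulnerability report above comes from a security plugin in my IDE, which flagged several vulnerabilities in your project when I ran it. Please fix them when you can; I'm concerned that other people will also use your project and pull these vulnerabilities in. :)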
|
Fixed by updating the Flink version.
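Detected that jeff-zou/flink-connector-redis pulls in 35 open-source components in total, with 4 vulnerabilities.
There are 4 more vulnerabilities as well; detailed report: https://mofeisec.com/jr?p=aa6651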