Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Major
Fix Version/s: 3.1.0.TP
Affects Version/s: 3.1.0.TP
Component/s: flink-kubernetes-operator
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
Security Requirements for Flink TP
Git Pull Request:
https://github.com/apache/flink-kubernetes-operator/pull/1002
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

The Flink Kubernetes Operator is currently vulnerable to CVE-2025-48924.

This should be fixable by upgrading to the latest version (3.18 at time of writing) of the org.apache.commons:commons-lang3 dependency.

We need to open an issue in the upstream JIRA and then a PR against the Operator repo.

is cloned by

ENTMQSTFL-257 Update commons-lang3 in Flink

Resolved

Assignee:: David Kornel

Reporter:: Thomas Cooper

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/07/23 10:36 AM

Updated:: 2025/08/12 12:59 PM

Resolved:: 2025/08/12 12:59 PM