Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Major
Fix Version/s: 3.1.0.TP
Affects Version/s: 3.1.0.TP
Component/s: flink
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
Security Requirements for Flink TP
Git Pull Request:
https://github.com/apache/flink/pull/26869, https://github.com/apache/flink/pull/26957, https://github.com/apache/flink/pull/26963
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Flink is currently vulnerable to CVE-2025-48924.

This should be fixable by upgrading to the latest version (3.18 at time of writing) of the org.apache.commons:commons-lang3 dependency.

We need to open an issue in the upstream JIRA and then a PR against the both the master and release-2.1 (backport) branches in the Flink Repo.

clones

ENTMQSTFL-255 Update commons-lang3 in Flink K8s Operator

Closed

Assignee:: Jakub Stejskal

Reporter:: Thomas Cooper (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/07/23 2:40 PM

Updated:: 2025/09/08 9:13 AM

Resolved:: 2025/09/08 9:13 AM