The flink-kubernetes module in the main flink project is still using Fabric8 version 6.13.4. This has is vulnerable to CVE-2023-3635 via the okhttp dependency and will not run on newer K8s clusters. We should upgrade to the latest Fabric8 client version (7.3.1 at time of writing).

This is tracked upstream in FLINK-38093, we should volunteer to fix this on that issue and submit a PR against master and backport to the release-2.1 branch.

That issue also highlights how there are option about the http library used. We should push to move away from okhttp as it pulls in kotlin dependencies that will severly complicate our build. We should push to move to vertx.