Apache Flink Log4j emergency releases
source link: https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Apache Flink Log4j emergency releases
16 Dec 2021 Chesnay Schepler
The Apache Flink community has released emergency bugfix versions of Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
These releases include a version upgrade for Log4j to address CVE-2021-44228 and CVE-2021-45046.
We highly recommend all users to upgrade to the respective patch release.
You can find the source and binaries on the updated Downloads page, and Docker images in the apache/flink dockerhub repository.
We are publishing this announcement earlier than usual to give users access to the updated source/binary releases as soon as possible.
As a result of that certain artifacts are not yet available:
- Maven artifacts are currently being synced to Maven central and will become available over the next 24 hours.
- The 1.11.6/1.12.7 Python binaries will be published at a later date.
This post will be continously updated to reflect the latest state.
The newly released versions are:
- 1.14.2
- 1.13.5
- 1.12.7
- 1.11.6
To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases were skipped because CVE-2021-45046 was discovered during the release publication. Some artifacts were published to Maven Central, but no source/binary releases nor Docker images are available for those versions.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK