vivek807

What is the purpose of the change

Bumped commons-text from 1.10.0 to 1.12.0 to resolve the vulnerability CVE-2024-47554

Brief change log

Updated commons-text version to 10.12.0 in parent pom.xml to resolve vulnerability CVE-2024-47554.

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): yes
  • The public API, i.e., is any changed class annotated with @Public(Evolving): no
  • The serializers: no
  • The runtime per-record code paths (performance sensitive): no
  • Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
  • The S3 file system connector: no

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? (not applicable / docs / JavaDocs / not documented)

@flinkbot
Collaborator

flinkbot commented Apr 15, 2025

CI report:

Bot commands

The @flinkbot bot supports the following commands:
  • @flinkbot run azure: re-run the last Azure build


This PR is being marked as stale since it has not had any activity in the last 90 days.
If you would like to keep this PR alive, please leave a comment asking for a review.
If the PR has merge conflicts, update it with the latest from the base branch.

If you are having difficulty finding a reviewer, please reach out to the
community, contact details can be found here: https://flink.apache.org/what-is-flink/community/

If this PR is no longer valid or desired, please feel free to close it.
If no activity occurs in the next 30 days, it will be automatically closed.

@github-actions github-actions bot added the stale label Jul 15, 2025
@@ -13,9 +13,9 @@ This project bundles the following dependencies under the Apache Software Licens
- commons-collections:commons-collections:3.2.2
- commons-io:commons-io:2.15.1
- org.apache.commons:commons-compress:1.26.0
- org.apache.commons:commons-lang3:3.12.0
- org.apache.commons:commons-lang3:3.14.0
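
Review bot: The PR description and change log name only commons-text (1.10.0 to 1.12.0), but the entry this hunk touches is org.apache.commons:commons-lang3, listed here at both 3.12.0 and 3.14.0. Please say in the description that commons-lang3 is bumped as well and why, and confirm that every NOTICE file listing commons-text carries its new version too, since no commons-text line is visible in this part of the hunk. The change log also gives the target version as 10.12.0 while the purpose section says 1.12.0; the two should agree with what the pom.xml actually sets.
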
Contributor

How about 3.18, since there is another CVE?

@github-actions github-actions bot removed the stale label Aug 3, 2025