[SecurityFix] Updating alibaba fastjson to take care of CVE-2022-25845

StarRocks / starrocks-connector-for-apache-flink

Apache License 2.0

195 stars 160 forks source link

[SecurityFix] Updating alibaba fastjson to take care of CVE-2022-25845 #394

Closed gdrossi46 closed 1 week ago

gdrossi46 commented 1 week ago

What type of PR is this：

[ ] BugFix
[ ] Feature
[ ] Enhancement
[ ] Refactor
[ ] UT
[ ] Doc
[ ] Tool

Which issues of this PR fixes ：

Fixes #

Problem Summary(Required) ：

Checklist:

[ ] I have added test cases for my bug fix or my new feature
[ ] This pr will affect users' behaviors
[ ] This pr needs user documentation (for new or modified features or behaviors)
[ ] I have added documentation for my new feature or new function

CLAassistant commented 1 week ago

All committers have signed the CLA.

alvin-celerdata commented 1 week ago

@gdrossi46 Can you sign off this PR by git commit -s?

banmoy commented 1 week ago

@gdrossi46 LTGM overall. As alvin said, please sign off the commit

gdrossi46 commented 1 week ago

@alvin-celerdata @banmoy Done, I have signed off the commit now. When will this be merged and a new version released?

banmoy commented 1 week ago

@gdrossi46 Version 1.2.10 was just released. While there's no plan yet for the next version release, would it be possible to create a separate package based on the latest code for use?

gdrossi46 commented 1 week ago

Yes @banmoy, that's what we have done. We have generated our own package and are using it to unblock ourselves.