16 Dec 2021 Chesnay Schepler
The Apache Flink community has released emergency bugfix versions of Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
We highly recommend all users to upgrade to the respective patch release.
We are publishing this announcement earlier than usual to give users access to the updated source/binary releases as soon as possible.
As a result of that certain artifacts are not yet available:
- Maven artifacts are currently being synced to Maven central and will become available over the next 24 hours.
- The 1.11.6/1.12.7 Python binaries will be published at a later date.
This post will be continously updated to reflect the latest state.
The newly released versions are:
To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. Some artifacts were published to Maven Central, but no source/binary releases nor Docker images are available for those versions.