Uploaded image for project: 'Beam'
  1. Beam
  2. BEAM-6267

Guava library DOS vulnerability in Beam Java SDK

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • P2
    • Resolution: Fixed
    • 2.4.0, 2.9.0
    • 2.15.0
    • sdk-java-core
    • Java

    Description

      Guava 11.0 through 24.x are affected by the following vulnerability:

      https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion
      https://nvd.nist.gov/vuln/detail/2018-10237

      All Beam versions that use these Guava versions need to be updated with latest fixed Guava library.

       

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. BEAM-4948 Beam Dependency Update Request: com.google.guava

          • P3 - Non-urgent bugs, features, and improvements
          • Triage Needed
          is duplicated by

          Sub-task - The sub-task of the issue BEAM-5559 Beam Dependency Update Request: com.google.guava:guava

          • P3 - Non-urgent bugs, features, and improvements
          • Open
          relates to

          Sub-task - The sub-task of the issue BEAM-7289 Upgrade guava

          • P1 - Critical bug: data loss, total loss of function, or loss of testing signal due to test failures or flakiness
          • Resolved

          Activity

            People

              lcwik Luke Cwik
              zorro Abdul Qadeer
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: