Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
3.3.6
-
None
-
None
Description
Update guava to 32.0.1 or higher due to CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-2976
hadoop-shaded-guava 1.1.1 is currently using 30.1.1-jre per security scanning tools
Attachments
Issue Links
- duplicates
-
HADOOP-18843 Guava version 32.0.1 bump to fix CVE-2023-2976 (hadoop-thirdparty PR#23)
- Resolved