Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-20763

Update guava >=24.1.1

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Implemented
    • Affects Version/s: None
    • Fix Version/s: thirdparty-2.2.0
    • Component/s: thirdparty
    • Labels:
      None

      Description

      We should update Guava in hbase-thirdparty to stop shipping the code cited as vulnerable in CVE-2018-10237. We do not invoke this code ourselves and users would have to try pretty hard to use it themselves, but we've seen more strange things before

      Let's just bump up the dependency and move on.

        Attachments

        1. HBASE-20763.001.patch
          0.8 kB
          Josh Elser

          Activity

            People

            • Assignee:
              elserj Josh Elser
              Reporter:
              elserj Josh Elser
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: