[HDDS-10588] Upgrade the hadoop-shaded-guava version (1.1.1 -> 1.2.0) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Minor
Resolution: Done
Affects Version/s: 1.5.0
Fix Version/s: 1.5.0, 1.4.1
Component/s: None
Labels:
- pull-request-available

Target Version/s:

1.4.1

Description

The hadoop-shaded-guava library (version of 1.1.1) depends on guava of the version 30.1.1 that has a vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2023-2976. A newer version of the hadoop-shaded-guava (1.2.0) depends from a newer version of the guava - 32.0.1 - that hasn't the CVE

Attachments

Issue Links

links to

GitHub Pull Request #6440

Activity

People

Assignee:: Vyacheslav Tutrinov

Reporter:: Vyacheslav Tutrinov

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Mar/24 10:48

Updated:: 10/Apr/24 08:13

Resolved:: 27/Mar/24 15:29