Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
The Qpid Broker depends on an older guava version 0.22 which is affected by vulnerability CVE-2018-10237. It does not look like vulnerability CVE-2018-10237 can be exploited with Qpid Broker, as impacted guava classes AtomicDoubleArray and CompoundOrdering are not used directly or indirectly within Qpid Broker code.