[SPARK-38262] Upgrade Google guava to version 30.0-jre - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: 3.3.0
Fix Version/s: None
Component/s: Build
Labels:
None

Description

This is duplicated many times like in SPARK-32502

Apache Spark is using com.google.guava:guava version 14.0.1 which has two security issues.

We should upgrade to version 30.0

I will add some links to what I have found about this issue

HIVE-25617:fix bug introduced by CVE-2020-8908

Upgrade Guava to 27

HIVE-21961: Upgrade Hadoop to 3.1.4, Guava to 27.0-jre and Jetty to 9.4.20.v20190813

Shade Guava manually

[DISCUSS] Hadoop 3, dropping support for Hadoop 2.x

Attachments

Issue Links

links to

[Github] Pull Request #35584 (bjornjorgensen)

[Github] Pull Request #35584 (bjornjorgensen)

Activity

People

Assignee:: Unassigned

Reporter:: Bjørn Jørgensen

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Feb/22 17:31

Updated:: 05/Apr/23 16:52

Resolved:: 16/Apr/22 21:01