[ https://issues.apache.org/jira/browse/HADOOP-15960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16798880#comment-16798880 ]
Gabor Bota commented on HADOOP-15960: ------------------------------------- Things done: * In HADOOP-15960 I made a mistake (maybe on purpose?) to use 24.1.1-jre instead of 27.0-jre. I needed to update this to 27.0-jre * After the update: the deprecated Futures.addCallback without an executor is removed. The old implementation used MoreExecutors.directExecutor(), so I added it to the parameters to preserve behavior. * Leaking of checkerframework is gone in the 27.0 so no need to do a workaround to exclude it from the jar. * Created a pull request for this: https://github.com/apache/hadoop/pull/637 > Update guava to 27.0-jre in hadoop-common > ----------------------------------------- > > Key: HADOOP-15960 > URL: https://issues.apache.org/jira/browse/HADOOP-15960 > Project: Hadoop Common > Issue Type: Bug > Components: common, security > Affects Versions: 3.1.0, 3.3.0 > Reporter: Gabor Bota > Assignee: Gabor Bota > Priority: Critical > Attachments: HADOOP-15960.000.WIP.patch > > > com.google.guava:guava should be upgraded to 27.0-jre due to new CVE's found > [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237]. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org