[
https://issues.apache.org/jira/browse/HADOOP-16210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16807140#comment-16807140
]
Sean Mackrory commented on HADOOP-16210:
----------------------------------------
Beyond the findbugs issues, I'm supportive of this change. I also ran the Azure
tests. There's more work to be done coordinating with downstream projects, but
I think that can happen after it's submitted to trunk. We've gotta commit at
some point to really see what else breaks that can't foresee. Pretty dangerous
to be as far behind on dependencies as we are with this one - even if we're not
affected by specific vulnerabilities, IMO.
> Update guava to 27.0-jre in hadoop-project trunk
> ------------------------------------------------
>
> Key: HADOOP-16210
> URL: https://issues.apache.org/jira/browse/HADOOP-16210
> Project: Hadoop Common
> Issue Type: Sub-task
> Affects Versions: 3.3.0
> Reporter: Gabor Bota
> Assignee: Gabor Bota
> Priority: Critical
> Attachments: HADOOP-16210.001.patch, HADOOP-16210.002.patch
>
>
> com.google.guava:guava should be upgraded to 27.0-jre due to new CVE's found
> CVE-2018-10237.
> This is a sub-task for trunk from HADOOP-15960 to track issues with that
> particular branch.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
