Alex Rudyy created QPID-8256:
--------------------------------
Summary: [Broker-J] Update Guava to version 27.0
Key: QPID-8256
URL: https://issues.apache.org/jira/browse/QPID-8256
Project: Qpid
Issue Type: Bug
Components: Broker-J
Reporter: Alex Rudyy
Fix For: qpid-java-6.1.8, qpid-java-broker-7.1.0, qpid-java-broker-7.0.7

The Qpid Broker depends on an older Guava version 0.22, which is affected by vulnerability
[CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237].

It does not look like vulnerability
[CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]
can be exploited with Qpid Broker, as the impacted Guava classes
{{AtomicDoubleArray}} and {{CompoundOrdering}} are not used directly within
Qpid Broker code.