[jira] [Updated] (QPID-8256) [Broker-J] Update Guava to version 27.0

Alex Rudyy (JIRA) Mon, 05 Nov 2018 02:42:37 -0800


     [ 
https://issues.apache.org/jira/browse/QPID-8256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Alex Rudyy updated QPID-8256:
-----------------------------
    Status: Reviewable  (was: In Progress)

> [Broker-J] Update Guava to version 27.0
> ---------------------------------------
>
>                 Key: QPID-8256
>                 URL: https://issues.apache.org/jira/browse/QPID-8256
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Broker-J
>            Reporter: Alex Rudyy
>            Assignee: Alex Rudyy
>            Priority: Major
>             Fix For: qpid-java-broker-7.1.0, qpid-java-broker-7.0.7, 
> qpid-java-6.1.8
>
>
> The Qpid Broker depends on an older guava version 0.22 which is affected by 
> vulnerability 
> [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237].
>  It does not look like vulnerability 
> [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]
>  can be exploited with Qpid Broker, as impacted guava classes  
> {{AtomicDoubleArray}} and {{CompoundOrdering}} are not used directly or 
> indirectly within Qpid Broker code.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

[jira] [Updated] (QPID-8256) [Broker-J] Update Guava to version 27.0

Reply via email to