[ https://issues.apache.org/jira/browse/QPID-8256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Rudyy updated QPID-8256: ----------------------------- Status: Reviewable (was: In Progress) > [Broker-J] Update Guava to version 27.0 > --------------------------------------- > > Key: QPID-8256 > URL: https://issues.apache.org/jira/browse/QPID-8256 > Project: Qpid > Issue Type: Improvement > Components: Broker-J > Reporter: Alex Rudyy > Assignee: Alex Rudyy > Priority: Major > Fix For: qpid-java-broker-7.1.0, qpid-java-broker-7.0.7, > qpid-java-6.1.8 > > > The Qpid Broker depends on an older guava version 0.22 which is affected by > vulnerability > [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]. > It does not look like vulnerability > [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237] > can be exploited with Qpid Broker, as impacted guava classes > {{AtomicDoubleArray}} and {{CompoundOrdering}} are not used directly or > indirectly within Qpid Broker code. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org