[
https://issues.apache.org/jira/browse/QPID-8256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704942#comment-16704942
]
ASF subversion and git services commented on QPID-8256:
-------------------------------------------------------
Commit 6ba7c496209c11a98e8ec228dc8e208713da13f4 in qpid-broker-j's branch
refs/heads/7.0.x from [~alex.rufous]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=6ba7c49 ]
QPID-8256: [Broker-J] Update dependency references
(cherry picked from commit bed50962f658c2894de3d7f1a2885c1ce8580cac)
> [Broker-J] Update Guava to version 27.0
> ---------------------------------------
>
> Key: QPID-8256
> URL: https://issues.apache.org/jira/browse/QPID-8256
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Reporter: Alex Rudyy
> Assignee: Alex Rudyy
> Priority: Major
> Fix For: qpid-java-broker-7.1.0, qpid-java-broker-7.0.7,
> qpid-java-6.1.8
>
>
> The Qpid Broker depends on an older guava version 0.22 which is affected by
> vulnerability
> [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237].
> It does not look like vulnerability
> [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]
> can be exploited with Qpid Broker, as impacted guava classes
> {{AtomicDoubleArray}} and {{CompoundOrdering}} are not used directly or
> indirectly within Qpid Broker code.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
