[ https://issues.apache.org/jira/browse/ARTEMIS-2359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
clebert suconic reopened ARTEMIS-2359:
--------------------------------------
> Upgrade to Guava 24.1
> ---------------------
>
> Key: ARTEMIS-2359
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2359
> Project: ActiveMQ Artemis
> Issue Type: Task
> Components: Broker
> Affects Versions: 2.8.1
> Reporter: Domenico Bruscino
> Priority: Major
> Fix For: 2.10.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Google Guava versions 11.0 through 24.1 are vulnerable to unbounded memory
> allocation in the AtomicDoubleArray class (when serialized with Java
> serialization) and CompoundOrdering class (when serialized with GWT
> serialization). An attacker could exploit applications that use Guava and
> deserialize untrusted data to cause a denial of service. Could you upgrade
> Guava to version 24.1 or above?
> [https://github.com/google/guava/wiki/CVE-2018-10237]
--
This message was sent by Atlassian Jira
(v8.3.2#803003)