[jira] [Commented] (FLINK-39147) Update Guava to 32.0.1

Cameron (Jira) Tue, 24 Feb 2026 03:42:39 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-39147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18060685#comment-18060685
 ]


Cameron commented on FLINK-39147:
---------------------------------

The PR for this is already available. It was originally a Hotfix, but I was 
told that CVEs need Jira tickets
https://github.com/apache/flink/pull/27493

> Update Guava to 32.0.1
> ----------------------
>
>                 Key: FLINK-39147
>                 URL: https://issues.apache.org/jira/browse/FLINK-39147
>             Project: Flink
>          Issue Type: Improvement
>            Reporter: Cameron
>            Priority: Major
>
> Guava 30.0-jre contains the following CVEs:
>  * [CVE-2023-2976|https://github.com/advisories/GHSA-7g45-4rm6-3mm3]
>  * [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3]
> Updating to 32.0.1 resolves the CVEs



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-39147) Update Guava to 32.0.1

Reply via email to