[ 
https://issues.apache.org/jira/browse/IGNITE-27872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18059001#comment-18059001
 ] 

Kirill Anisimov commented on IGNITE-27872:
------------------------------------------

h1. Before:
h3. Guava:
 * {{ignite-core:}}

 
{code:java}
org.apache.ignite:ignite-core:jar:2.18.0-SNAPSHOT
\- com.google.guava:guava:jar:32.1.2-jre:test{code}
 * {{ignite-zookeeper:}}

{code:java}
org.apache.ignite:ignite-zookeeper:jar:2.18.0-SNAPSHOT
\- org.apache.curator:curator-test:jar:5.3.0:test
   \- com.google.guava:guava:jar:27.0.1-jre:test{code}
h3. SLF4J:
 * {{ignite-core:}}

{code:java}
org.apache.ignite:ignite-core:jar:2.18.0-SNAPSHOT
\- org.eclipse.jetty:jetty-servlets:jar:11.0.24:test
   \- org.slf4j:slf4j-api:jar:2.0.9:test{code}
 * {{ignite-zookeeper:}}

{code:java}
org.apache.ignite:ignite-zookeeper:jar:2.18.0-SNAPSHOT
\- org.slf4j:slf4j-api:jar:1.7.36:compile{code}
 

> Normalize Guava/SLF4J versions to reduce CVE false positives
> ------------------------------------------------------------
>
>                 Key: IGNITE-27872
>                 URL: https://issues.apache.org/jira/browse/IGNITE-27872
>             Project: Ignite
>          Issue Type: Sub-task
>          Components: general
>    Affects Versions: 2.17, 2.18
>            Reporter: Kirill Anisimov
>            Assignee: Kirill Anisimov
>            Priority: Major
>              Labels: cve, dependencies, ignite-2
>
> There are different versions of Guava and SLF4J in the dependency tree, which 
> can give false positives in CVE reports and complicate updates.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
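
The version drift listed in the comment can be checked mechanically. The following is an added example, not part of the Jira comment or the Ignite build: it parses `mvn dependency:tree` text output (the excerpts are the ones from the comment) and reports artifacts that resolve to more than one version across modules, separating drift that stays in test scope from drift on other scopes. The function names `find_drift` and `outside_test_scope` are hypothetical.

```python
import re
from collections import defaultdict

# Tree excerpts copied from the comment above, one root line per module.
TREES = r"""
org.apache.ignite:ignite-core:jar:2.18.0-SNAPSHOT
\- com.google.guava:guava:jar:32.1.2-jre:test
org.apache.ignite:ignite-zookeeper:jar:2.18.0-SNAPSHOT
\- org.apache.curator:curator-test:jar:5.3.0:test
   \- com.google.guava:guava:jar:27.0.1-jre:test
org.apache.ignite:ignite-core:jar:2.18.0-SNAPSHOT
\- org.eclipse.jetty:jetty-servlets:jar:11.0.24:test
   \- org.slf4j:slf4j-api:jar:2.0.9:test
org.apache.ignite:ignite-zookeeper:jar:2.18.0-SNAPSHOT
\- org.slf4j:slf4j-api:jar:1.7.36:compile
"""

# Optional "[INFO] " prefix, tree indentation, edge marker, then Maven coordinates.
LINE = re.compile(r"^(?:\[INFO\] )?(?P<indent>[ |]*)(?P<edge>[+\\]- )?"
                  r"(?P<coords>[^\s:]+(?::[^\s:]+){3,5})(?: \(.*\))?$")

def find_drift(text):
    """Return {group:artifact: {version: [(module, scope, origin)]}} for artifacts
    that resolve to more than one version across the modules in `text`."""
    seen = defaultdict(lambda: defaultdict(set))
    module = None
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        parts = m["coords"].split(":")
        if not m["edge"]:  # root line: group:artifact:type:version
            module = parts[1]
            continue
        # Dependency line: group:artifact:type[:classifier]:version:scope
        ga, version, scope = ":".join(parts[:2]), parts[-2], parts[-1]
        origin = "transitive" if m["indent"] else "direct"
        seen[ga][version].add((module, scope, origin))
    return {ga: {v: sorted(uses) for v, uses in versions.items()}
            for ga, versions in seen.items() if len(versions) > 1}

def outside_test_scope(drift):
    """Artifacts where at least one drifting version sits on a non-test scope."""
    return sorted(ga for ga, versions in drift.items()
                  if any(scope != "test" for uses in versions.values() for _, scope, _ in uses))

if __name__ == "__main__":
    drift = find_drift(TREES)
    for ga, versions in drift.items():
        print(ga, versions)
    print("non-test scope:", outside_test_scope(drift))
```

Lines that are not tree nodes (Maven banner and status lines) are skipped, so the concatenated output of `mvn dependency:tree` for several modules can be passed in as one string.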
