[
https://issues.apache.org/jira/browse/IGNITE-27872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18059025#comment-18059025
]
Kirill Anisimov edited comment on IGNITE-27872 at 2/17/26 9:48 AM:
-------------------------------------------------------------------
h1. After
h3. Guava
After adding explicit com.google.guava:guava:${guava.version} dependency in
modules/zookeeper/pom.xml, the dependency tree shows a single *Guava* version
for ignite-zookeeper: {{32.1.2-jre}}
{{+Command to check:+ {{}}}}
{code:java}
mvn -pl modules/zookeeper -am -DskipTests dependency:tree
-Dincludes=com.google.guava:guava{code}
was (Author: JIRAUSER310920):
h1. After
h3. Guava
After adding explicit com.google.guava:guava:${guava.version} dependency in
modules/zookeeper/pom.xml, the dependency tree shows a single *Guava* version
for ignite-zookeeper: {{32.1.2-jre}}
> Normalize Guava/SLF4J versions to reduce CVE false positives
> ------------------------------------------------------------
>
> Key: IGNITE-27872
> URL: https://issues.apache.org/jira/browse/IGNITE-27872
> Project: Ignite
> Issue Type: Sub-task
> Components: general
> Affects Versions: 2.17, 2.18
> Reporter: Kirill Anisimov
> Assignee: Kirill Anisimov
> Priority: Major
> Labels: cve, dependencies, ignite-2
>
> There are different versions of Guava and SLF4J in the dependency tree, which
> can give false positives in CVE reports and complicate updates.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
