[
https://issues.apache.org/jira/browse/KUDU-3493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17747219#comment-17747219
]
Alexey Serbin commented on KUDU-3493:
-------------------------------------
Thank you for reporting the issue, [~coheigea]!
The upcoming Kudu 1.17.0 release should contain [the
fix|https://github.com/apache/kudu/commit/55eb667ae5debdd531b58d11139700a1a00b81d4].
As for 1.16.1, [the fix has been back-ported into the 1.16.x branch of the
git
repo|https://github.com/apache/kudu/commit/4b287f4543cacd3e4774f59b8a51684a7e772da9],
but at this point it's not yet clear when maintenance release 1.16.1 of Kudu
is going to be happen.
> Guava CVE CVE-2023-2976
> -----------------------
>
> Key: KUDU-3493
> URL: https://issues.apache.org/jira/browse/KUDU-3493
> Project: Kudu
> Issue Type: Bug
> Affects Versions: 1.16.0
> Reporter: Colm O hEigeartaigh
> Priority: Major
> Fix For: 1.17.0, 1.16.1
>
>
> There is a CVE in Guava 30.1-jre CVE-2023-2976.
> Please update to e.g. 32.1.1-jre.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
