[jira] [Updated] (ORC-599) Bump guava version to 28.1-jre

Panagiotis Garefalakis (Jira) Thu, 13 Feb 2020 04:32:12 -0800


     [ 
https://issues.apache.org/jira/browse/ORC-599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Panagiotis Garefalakis updated ORC-599:
---------------------------------------
    Description: Even though guava dependency is used only by Test classes it 
make sense to upgrade due to known security vulnerabilities  
[https://nvd.nist.gov/vuln/detail/CVE-2018-10237] and to reduce the dependency 
footprint e.g. Apache Hive is upgrading to 28.1-jre 
https://issues.apache.org/jira/browse/HIVE-21569

> Bump guava version to 28.1-jre
> ------------------------------
>
>                 Key: ORC-599
>                 URL: https://issues.apache.org/jira/browse/ORC-599
>             Project: ORC
>          Issue Type: Improvement
>    Affects Versions: 1.5.1, master
>            Reporter: Panagiotis Garefalakis
>            Assignee: Panagiotis Garefalakis
>            Priority: Major
>             Fix For: 1.5.10, master
>
>
> Even though guava dependency is used only by Test classes it make sense to 
> upgrade due to known security vulnerabilities  
> [https://nvd.nist.gov/vuln/detail/CVE-2018-10237] and to reduce the 
> dependency footprint e.g. Apache Hive is upgrading to 28.1-jre 
> https://issues.apache.org/jira/browse/HIVE-21569



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (ORC-599) Bump guava version to 28.1-jre

Reply via email to