[
https://issues.apache.org/jira/browse/HDDS-10588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vyacheslav Tutrinov updated HDDS-10588:
---------------------------------------
Description: The hadoop-shaded-guava library (version of 1.1.1) depends on
guava of the version 30.1.1 that has a vulnerability -
https://nvd.nist.gov/vuln/detail/CVE-2023-2976. A newer version of the
hadoop-shaded-guava (1.2.0) depends from a newer version of the guava - 32.0.1
- that hasn't the CVE (was: The hadoop-shaded-guava library (version of 1.1.1)
depends from guava of the version 30.1.1 that has a vulnerability -
https://nvd.nist.gov/vuln/detail/CVE-2023-2976. A newer version of the
hadoop-shaded-guava (1.2.0) depends from a newer version of the guava - 32.0.1.)
> Upgrade the hadoop-shaded-guava version (1.1.1 -> 1.2.0)
> --------------------------------------------------------
>
> Key: HDDS-10588
> URL: https://issues.apache.org/jira/browse/HDDS-10588
> Project: Apache Ozone
> Issue Type: Improvement
> Affects Versions: 1.5.0
> Reporter: Vyacheslav Tutrinov
> Assignee: Vyacheslav Tutrinov
> Priority: Minor
>
> The hadoop-shaded-guava library (version of 1.1.1) depends on guava of the
> version 30.1.1 that has a vulnerability -
> https://nvd.nist.gov/vuln/detail/CVE-2023-2976. A newer version of the
> hadoop-shaded-guava (1.2.0) depends from a newer version of the guava -
> 32.0.1 - that hasn't the CVE
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
