[
https://issues.apache.org/jira/browse/HDDS-10588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Attila Doroszlai updated HDDS-10588:
------------------------------------
Fix Version/s: 1.4.1
> Upgrade the hadoop-shaded-guava version (1.1.1 -> 1.2.0)
> --------------------------------------------------------
>
> Key: HDDS-10588
> URL: https://issues.apache.org/jira/browse/HDDS-10588
> Project: Apache Ozone
> Issue Type: Task
> Affects Versions: 1.5.0
> Reporter: Vyacheslav Tutrinov
> Assignee: Vyacheslav Tutrinov
> Priority: Minor
> Labels: pull-request-available
> Fix For: 1.5.0, 1.4.1
>
>
> The hadoop-shaded-guava library (version of 1.1.1) depends on guava of the
> version 30.1.1 that has a vulnerability -
> https://nvd.nist.gov/vuln/detail/CVE-2023-2976. A newer version of the
> hadoop-shaded-guava (1.2.0) depends from a newer version of the guava -
> 32.0.1 - that hasn't the CVE
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
