[
https://issues.apache.org/jira/browse/JCLOUDS-1225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16820171#comment-16820171
]
David Dillard commented on JCLOUDS-1225:
----------------------------------------
There's a known vulnerability in the version of Guava
([CVE-2018-10237|https://github.com/google/guava/wiki/CVE-2018-10237]). Does
anyone know if this vulnerability is potentially exploitable from jclouds?
The "solution" of we're just going to use the old version because it works
isn't a great one from a security perspective.
> Guava 21 compatibility
> ----------------------
>
> Key: JCLOUDS-1225
> URL: https://issues.apache.org/jira/browse/JCLOUDS-1225
> Project: jclouds
> Issue Type: Improvement
> Components: jclouds-core
> Affects Versions: 2.0.0
> Reporter: Ian Springer
> Assignee: Andrew Gaul
> Priority: Major
> Labels: guava
> Fix For: 2.1.0
>
>
> The below classes use com.google.common.base.Objects.ToStringHelper, which
> has been deprecated since Guava 18, and has been removed in Guava 21. This
> makes it impossible to use jclouds in a project using Guava 21. Please either
> upgrade to Guava 18+ and switch to using
> com.google.common.base.MoreObjects.ToStringHelper, or drop the usage of
> ToStringHelper altogether. This will allow my project to upgrade to Guava 21
> without having to use a fork of jclouds.
> * org/jclouds/apis/internal/BaseApiMetadata.java
> * org/jclouds/domain/internal/LocationImpl.java
> * org/jclouds/domain/internal/MutableResourceMetadataImpl.java
> * org/jclouds/domain/internal/ResourceMetadataImpl.java
> * org/jclouds/http/HttpMessage.java
> * org/jclouds/http/HttpRequest.java
> * org/jclouds/http/HttpResponse.java
> * org/jclouds/internal/BaseView.java
> * org/jclouds/providers/internal/BaseProviderMetadata.java
> * org/jclouds/reflect/InvocationSuccess.java
> * org/jclouds/rest/internal/BaseHttpApiMetadata.java
> * org/jclouds/rest/suppliers/URIFromStringSupplier.java
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
