[kudu-CR] KUDU-3493 upgrade guava to 32.1.1-jre

Alexey Serbin (Code Review) Thu, 20 Jul 2023 17:36:34 -0700

Hello Yingchun Lai, Attila Bukor, Kudu Jenkins, Abhishek Chennaka,

I'd like you to reexamine a change. Please visit


    http://gerrit.cloudera.org:8080/20235

to look at the new patch set (#2).

Change subject: KUDU-3493 upgrade guava to 32.1.1-jre
......................................................................

KUDU-3493 upgrade guava to 32.1.1-jre

This is to address CVE-2023-2976 in 30.1-jre [1].

An update on java/build.gradle is a workaround as suggested by the
Guava release notes [2] to allow for building with gradle 6.x.

[1] https://nvd.nist.gov/vuln/detail/CVE-2023-2976
[2] https://github.com/google/guava/releases/tag/v32.1.0

Change-Id: I4acf448085e2279be3ed8c77ccf3306494c6639c
---
M java/build.gradle
M java/gradle/dependencies.gradle
2 files changed, 9 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/35/20235/2
--
To view, visit http://gerrit.cloudera.org:8080/20235
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I4acf448085e2279be3ed8c77ccf3306494c6639c
Gerrit-Change-Number: 20235
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Abhishek Chennaka <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Yingchun Lai <[email protected]>

[kudu-CR] KUDU-3493 upgrade guava to 32.1.1-jre

Reply via email to