Hello Abhishek Chennaka,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/20244
to review the following change.
Change subject: KUDU-3493 upgrade Guava to 32.1.1-jre
......................................................................
KUDU-3493 upgrade Guava to 32.1.1-jre
This is to address CVE-2023-2976 in 30.1-jre [1].
An update on java/build.gradle is a workaround as suggested by the
Guava release notes [2] to allow for building with gradle 6.x.
An update on build-support/verify_jars.pl allows for ProGuard [3]
rule files to be in the result JARs: those appeared in the compiled
JAR files with the new Guava version.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-2976
[2] https://github.com/google/guava/releases/tag/v32.1.0
[3] https://www.guardsquare.com/en/products/proguard
Change-Id: I4acf448085e2279be3ed8c77ccf3306494c6639c
Reviewed-on: http://gerrit.cloudera.org:8080/20235
Reviewed-by: Abhishek Chennaka <[email protected]>
Tested-by: Abhishek Chennaka <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
(cherry picked from commit ab2f15d0dc168245d9e5adc631784f0f1be1c803)
---
M build-support/verify_jars.pl
M java/build.gradle
M java/gradle/dependencies.gradle
3 files changed, 10 insertions(+), 2 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/44/20244/1
--
To view, visit http://gerrit.cloudera.org:8080/20244
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: branch-1.16.x
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4acf448085e2279be3ed8c77ccf3306494c6639c
Gerrit-Change-Number: 20244
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Abhishek Chennaka <[email protected]>
