Yingchun Lai has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/20244 )
Change subject: KUDU-3493 upgrade Guava to 32.1.1-jre ...................................................................... KUDU-3493 upgrade Guava to 32.1.1-jre This is to address CVE-2023-2976 in 30.1-jre [1]. An update on java/build.gradle is a workaround as suggested by the Guava release notes [2] to allow for building with gradle 6.x. An update on build-support/verify_jars.pl allows for ProGuard [3] rule files to be in the result JARs: those appeared in the compiled JAR files with the new Guava version. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-2976 [2] https://github.com/google/guava/releases/tag/v32.1.0 [3] https://www.guardsquare.com/en/products/proguard Change-Id: I4acf448085e2279be3ed8c77ccf3306494c6639c Reviewed-on: http://gerrit.cloudera.org:8080/20235 Reviewed-by: Abhishek Chennaka <[email protected]> Tested-by: Abhishek Chennaka <[email protected]> Tested-by: Alexey Serbin <[email protected]> (cherry picked from commit ab2f15d0dc168245d9e5adc631784f0f1be1c803) Reviewed-on: http://gerrit.cloudera.org:8080/20244 Tested-by: Kudu Jenkins Reviewed-by: Yingchun Lai <[email protected]> --- M build-support/verify_jars.pl M java/build.gradle M java/gradle/dependencies.gradle 3 files changed, 10 insertions(+), 2 deletions(-) Approvals: Kudu Jenkins: Verified Yingchun Lai: Looks good to me, approved -- To view, visit http://gerrit.cloudera.org:8080/20244 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: branch-1.16.x Gerrit-MessageType: merged Gerrit-Change-Id: I4acf448085e2279be3ed8c77ccf3306494c6639c Gerrit-Change-Number: 20244 Gerrit-PatchSet: 2 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Yingchun Lai <[email protected]>
