[fix][sec] Upgrade Guava to 32.0.0 to address CVE-2023-2976 #20459
lhotari merged 1 commit into apache:master
@lhotari Can you attach a description of CVE-2023-2976? I don't find it on any advisory now.
Also, cross-post Guava 32.0.0 release note - https://github.com/google/guava/releases/tag/v32.0.0
It can introduce some incompatible changes, though at a quick glance I don't think it would affect our usage.
thanks. The CVE seems to be in the pipeline. There was a comment here: google/guava#2575 (comment)
It will be available at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976 when it has been published.
/pulsarbot rerun-failure-checks
0513fd9 to 4345019
(cherry picked from commit 57f9467) # Conflicts: # pom.xml # pulsar-sql/presto-distribution/LICENSE
(cherry picked from commit 57f9467) # Conflicts: # distribution/server/src/assemble/LICENSE.bin.txt # pom.xml # pulsar-sql/presto-distribution/LICENSE
(cherry picked from commit 57f9467) # Conflicts: # pom.xml # pulsar-sql/presto-distribution/LICENSE
Motivation & Modifications
Upgrade Guava to 32.0.0 to address CVE-2023-2976
More details in Guava 32.0.0 release notes: https://github.com/google/guava/releases/tag/v32.0.0
Documentation
doc
doc-required
doc-not-needed
doc-complete