activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From clebertsuco...@apache.org
Subject [activemq-artemis] branch master updated: ARTEMIS-2359 Upgrade to Guava 24.1
Date Fri, 31 May 2019 16:21:09 GMT
This is an automated email from the ASF dual-hosted git repository.

clebertsuconic pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/master by this push:
     new d708be3  ARTEMIS-2359 Upgrade to Guava 24.1
     new d5257ff  This closes #2687
d708be3 is described below

commit d708be31896907e06c8790d1bc9a34abae21cdc7
Author: brusdev <bruscinodf@gmail.com>
AuthorDate: Thu May 30 09:41:29 2019 +0200

    ARTEMIS-2359 Upgrade to Guava 24.1
    
    CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray
    and CompoundOrdering classes allow remote attackers to cause a denial
    of service.
---
 artemis-hawtio/artemis-console/pom.xml |  7 +++++++
 pom.xml                                | 10 ++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/artemis-hawtio/artemis-console/pom.xml b/artemis-hawtio/artemis-console/pom.xml
index 3e7e7b9..7d9f947 100644
--- a/artemis-hawtio/artemis-console/pom.xml
+++ b/artemis-hawtio/artemis-console/pom.xml
@@ -67,6 +67,12 @@
       <version>${hawtio.version}</version>
       <scope>provided</scope>
     </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+      <version>${guava.version}</version>
+      <!-- License: Apache 2.0 -->
+    </dependency>
   </dependencies>
 
   <build>
@@ -110,6 +116,7 @@
                 <exclude>bower_components/jquery/src/**/*</exclude>
                 <exclude>bower_components/jquery/test/**/*</exclude>
                 <exclude>bower_components/js-logger/src/**/*</exclude>
+                <excluse>WEB-INF/lib/guava*.jar</excluse>
                 <excluse>WEB-INF/lib/slf4j-api*.jar</excluse>
                 <excluse>lib/camelModel.js</excluse>
                 <exclude>app/activemq/**/*</exclude>
diff --git a/pom.xml b/pom.xml
index f8c26e1..2449d7b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -84,7 +84,7 @@
       <commons.beanutils.version>1.9.3</commons.beanutils.version>
       <commons.collections.version>3.2.2</commons.collections.version>
       <fuse.mqtt.client.version>1.14</fuse.mqtt.client.version>
-      <guava.version>19.0</guava.version>
+      <guava.version>24.1-jre</guava.version>
       <jboss.logging.version>3.4.0.Final</jboss.logging.version>
       <jetty.version>9.4.3.v20170317</jetty.version>
       <jgroups.version>3.6.13.Final</jgroups.version>
@@ -103,7 +103,7 @@
       <jb.logmanager.version>2.1.10.Final</jb.logmanager.version>
       <jb.slf4j-jboss-logmanager.version>1.0.4.GA</jb.slf4j-jboss-logmanager.version>
        <version.org.wildfly.common.wildfly-common>1.5.1.Final</version.org.wildfly.common.wildfly-common>
-      <airlift.version>0.7</airlift.version>
+      <airlift.version>0.8</airlift.version>
       <geronimo.annotation.1.1.spec.version>1.0.1</geronimo.annotation.1.1.spec.version>
       <geronimo.ejb.3.0.spec.version>1.0.1</geronimo.ejb.3.0.spec.version>
       <geronimo.jta.1.1.spec.version>1.1.1</geronimo.jta.1.1.spec.version>
@@ -800,6 +800,12 @@
             <scope>provided</scope>
             <!-- License: Apache 2.0 -->
          </dependency>
+         <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>${guava.version}</version>
+            <!-- License: Apache 2.0 -->
+         </dependency>
       </dependencies>
 
    </dependencyManagement>


Mime
View raw message