jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vasil (Jira)" <j...@apache.org>
Subject [jira] [Commented] (JCLOUDS-1470) Vulnarable Guava dependency dragged from jclouds-driver
Date Mon, 30 Sep 2019 15:28:00 GMT

    [ https://issues.apache.org/jira/browse/JCLOUDS-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16941059#comment-16941059
] 

Vasil commented on JCLOUDS-1470:
--------------------------------

According to the CVE the vulnerability is preset in guava versions up to 24.1.1. Is there
any chance of adoption of a newer version for the jclouds project? 

> Vulnarable Guava dependency dragged from jclouds-driver
> -------------------------------------------------------
>
>                 Key: JCLOUDS-1470
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1470
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-core
>    Affects Versions: 2.1.1
>            Reporter: Blagoi Anastasov
>            Priority: Major
>              Labels: guava
>
> It looks like jclouds-driver drags old(from 2014) and vulnerable guava dependency - 18.0.
> [https://nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Agoogle%3Aguava%3A18.0]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message