qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-8256) [Broker-J] Update Guava to version 27.0
Date Mon, 05 Nov 2018 10:24:00 GMT

    [ https://issues.apache.org/jira/browse/QPID-8256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16674921#comment-16674921
] 

ASF subversion and git services commented on QPID-8256:
-------------------------------------------------------

Commit e19426909ce0ce6f9a8fbfdf2786085999b0948e in qpid-broker-j's branch refs/heads/master
from [~alex.rufous]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=e194269 ]

QPID-8256: [Broker-J] Update Guava to version 27.0


> [Broker-J] Update Guava to version 27.0
> ---------------------------------------
>
>                 Key: QPID-8256
>                 URL: https://issues.apache.org/jira/browse/QPID-8256
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Broker-J
>            Reporter: Alex Rudyy
>            Priority: Major
>             Fix For: qpid-java-broker-7.1.0, qpid-java-broker-7.0.7, qpid-java-6.1.8
>
>
> The Qpid Broker depends on an older guava version 0.22 which is affected by vulnerability
[CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]. It does not
look like vulnerability [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]
can be exploited with Qpid Broker, as impacted guava classes  {{AtomicDoubleArray}} and {{CompoundOrdering}}
are not used directly or indirectly within Qpid Broker code.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message