Posted to dev@storm.apache.org by GitBox <gi...@apache.org> on 2022/10/13 16:04:11 UTC

[GitHub] [storm] claire9910 opened a new pull request, #3500: fix(sec): upgrade com.google.guava:guava to 30.0-jre

claire9910 opened a new pull request, #3500:
URL: https://github.com/apache/storm/pull/3500

   ### What happened?
   There are 2 security vulnerabilities found in com.google.guava:guava 17.0
   - [CVE-2018-10237](https://www.oscs1024.com/hd/CVE-2018-10237)
   - [CVE-2020-8908](https://www.oscs1024.com/hd/CVE-2020-8908)
   
   
   ### What did I do?
   Upgrade com.google.guava:guava from 17.0 to 30.0-jre for vulnerability fix
   
   ### What did you expect to happen?
   Ideally, no insecure libs should be used.
   
   ### The specification of the pull request
   [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Re: [PR] fix(sec): upgrade com.google.guava:guava to 30.0-jre (storm)

Posted by "rzo1 (via GitHub)" <gi...@apache.org>.
rzo1 commented on PR #3500:
URL: https://github.com/apache/storm/pull/3500#issuecomment-1775339089

   SOLR was removed with https://issues.apache.org/jira/projects/STORM/issues/STORM-3988?filter=allissues




[GitHub] [storm] bipinprasad commented on pull request #3500: fix(sec): upgrade com.google.guava:guava to 30.0-jre

Posted by GitBox <gi...@apache.org>.
bipinprasad commented on PR #3500:
URL: https://github.com/apache/storm/pull/3500#issuecomment-1287511964

   DEPENDENCY-LICENSES needs to be changed as well.
   License check failed https://app.travis-ci.com/github/apache/storm/jobs/585571698 line 3190
   




Re: [PR] fix(sec): upgrade com.google.guava:guava to 30.0-jre (storm)

Posted by "rzo1 (via GitHub)" <gi...@apache.org>.
rzo1 closed pull request #3500: fix(sec): upgrade com.google.guava:guava to 30.0-jre
URL: https://github.com/apache/storm/pull/3500

