You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@jclouds.apache.org by "Ignasi Barrera (Jira)" <ji...@apache.org> on 2019/10/13 09:14:00 UTC
[jira] [Commented] (JCLOUDS-1470) Vulnarable Guava dependency
dragged from jclouds-driver
[ https://issues.apache.org/jira/browse/JCLOUDS-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16950250#comment-16950250 ]
Ignasi Barrera commented on JCLOUDS-1470:
-----------------------------------------
There are some issues like JCLOUDS-1333 round the upgrade of some of the core dependencies of the project. That is also preventing us from upgrading to newer Java versions.
However, this is a community project and current availability from most of the core members is very limited and it is unlikely that we can make that happen in a timely manner.
We would, however, be very happy to help anyone from the community that wants to champion this and to provide any help and guidance to anyone that wants to contribute a patch to upgrade the dependencies. Contributions are very welcome!
> Vulnarable Guava dependency dragged from jclouds-driver
> -------------------------------------------------------
>
> Key: JCLOUDS-1470
> URL: https://issues.apache.org/jira/browse/JCLOUDS-1470
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-core
> Affects Versions: 2.1.1
> Reporter: Blagoi Anastasov
> Priority: Major
> Labels: guava
>
> It looks like jclouds-driver drags old(from 2014) and vulnerable guava dependency - 18.0.
> [https://nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Agoogle%3Aguava%3A18.0]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)