You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@curator.apache.org by "PJ Fanning (Jira)" <ji...@apache.org> on 2022/05/11 16:49:00 UTC

[jira] [Comment Edited] (CURATOR-502) Update dependency com.google.guava:guava of org.apache.curator:curator-client

    [ https://issues.apache.org/jira/browse/CURATOR-502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17534995#comment-17534995 ] 

PJ Fanning edited comment on CURATOR-502 at 5/11/22 4:48 PM:
-------------------------------------------------------------

Hadoop uses a shaded version of guava ([https://mvnrepository.com/artifact/org.apache.hadoop.thirdparty/hadoop-shaded-guava)|https://mvnrepository.com/artifact/org.apache.hadoop.thirdparty/hadoop-shaded-guava] - maybe this might be a solution for curator-client. Or possibly, just inlining the guava code that curator-client needs.


was (Author: pj.fanning):
Hadoop uses a shaded version of guava ([https://mvnrepository.com/artifact/org.apache.hadoop.thirdparty/hadoop-shaded-guava]] - maybe this might be a solution for curator-client. Or possibly, just inlining the guava code that curator-client needs.

> Update dependency com.google.guava:guava of org.apache.curator:curator-client
> -----------------------------------------------------------------------------
>
>                 Key: CURATOR-502
>                 URL: https://issues.apache.org/jira/browse/CURATOR-502
>             Project: Apache Curator
>          Issue Type: Bug
>          Components: Client
>    Affects Versions: 4.1.0
>            Reporter: DW
>            Priority: Major
>
> Please update the dependency com.google.guava:guava of org.apache.curator:curator-client due to open security vulnerability of the used com.google.guava:guava 20.0 [(including) 11.0 up to (excluding) 24.1.1]. Please upgrade to 24.1.1+. If you need the CVE number, let me know.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)