You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@orc.apache.org by "Panagiotis Garefalakis (Jira)" <ji...@apache.org> on 2020/02/13 12:32:00 UTC
[jira] [Updated] (ORC-599) Bump guava version to 28.1-jre
[ https://issues.apache.org/jira/browse/ORC-599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Panagiotis Garefalakis updated ORC-599:
---------------------------------------
Description: Even though guava dependency is used only by Test classes it make sense to upgrade due to known security vulnerabilities [https://nvd.nist.gov/vuln/detail/CVE-2018-10237] and to reduce the dependency footprint e.g. Apache Hive is upgrading to 28.1-jre https://issues.apache.org/jira/browse/HIVE-21569
> Bump guava version to 28.1-jre
> ------------------------------
>
> Key: ORC-599
> URL: https://issues.apache.org/jira/browse/ORC-599
> Project: ORC
> Issue Type: Improvement
> Affects Versions: 1.5.1, master
> Reporter: Panagiotis Garefalakis
> Assignee: Panagiotis Garefalakis
> Priority: Major
> Fix For: 1.5.10, master
>
>
> Even though guava dependency is used only by Test classes it make sense to upgrade due to known security vulnerabilities [https://nvd.nist.gov/vuln/detail/CVE-2018-10237] and to reduce the dependency footprint e.g. Apache Hive is upgrading to 28.1-jre https://issues.apache.org/jira/browse/HIVE-21569
--
This message was sent by Atlassian Jira
(v8.3.4#803005)