You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/02/05 14:56:18 UTC

[GitHub] [rocketmq] pjfanning opened a new issue #3818: upgrade guava due to CVE

pjfanning opened a new issue #3818:
URL: https://github.com/apache/rocketmq/issues/3818


   
   **BUG REPORT**
   
   Current pom.xml has guava 19.0. This jar has 2 security vulnerabilities - https://mvnrepository.com/artifact/com.google.guava/guava/19.0
   
   Can we upgrade to v31.0.1-jre?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [rocketmq] caigy commented on issue #3818: upgrade guava due to CVE

Posted by GitBox <gi...@apache.org>.

caigy commented on issue #3818:
URL: https://github.com/apache/rocketmq/issues/3818#issuecomment-1030742225


   Upgrading Guava is OK, but it seems that there is no reference to Guava in RocketMQ.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [rocketmq] pjfanning commented on issue #3818: upgrade guava due to CVE

Posted by GitBox <gi...@apache.org>.

pjfanning commented on issue #3818:
URL: https://github.com/apache/rocketmq/issues/3818#issuecomment-1030798200


   @caigy rocketmq-filter seems has a guava dependency and appears to use guava code (imports like com.google.common.cache.Cache). 
   
   https://github.com/apache/rocketmq/blob/develop/filter/pom.xml#L41
   
   https://github.com/apache/rocketmq/blob/develop/filter/src/main/java/org/apache/rocketmq/filter/parser/SelectorParser.java#L21


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [rocketmq] duhenglucky closed issue #3818: upgrade guava due to CVE

Posted by GitBox <gi...@apache.org>.

duhenglucky closed issue #3818:
URL: https://github.com/apache/rocketmq/issues/3818


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org