You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@tez.apache.org by "László Bodor (Jira)" <ji...@apache.org> on 2022/06/16 14:53:00 UTC
[jira] [Commented] (TEZ-4429) Upgrade guava to 31.1 to fix CVE-2020-8908
[ https://issues.apache.org/jira/browse/TEZ-4429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17555114#comment-17555114 ]
László Bodor commented on TEZ-4429:
-----------------------------------
thanks for reporting this [~ayushtkn]! can you please check on which guava does hadoop 3.3.1 or 3.3.3 depend on? (we're on 3.3.1, planning to move to 3.3.3 soon I believe)
we usually try to follow hadoop's dependency versions (even if guava is shaded there), so I'm just asking this for curiosity...
> Upgrade guava to 31.1 to fix CVE-2020-8908
> ------------------------------------------
>
> Key: TEZ-4429
> URL: https://issues.apache.org/jira/browse/TEZ-4429
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Ayush Saxena
> Assignee: Ayush Saxena
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)