You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@tez.apache.org by "László Bodor (Jira)" <ji...@apache.org> on 2022/06/16 14:53:00 UTC

[jira] [Commented] (TEZ-4429) Upgrade guava to 31.1 to fix CVE-2020-8908

    [ https://issues.apache.org/jira/browse/TEZ-4429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17555114#comment-17555114 ] 

László Bodor commented on TEZ-4429:
-----------------------------------

thanks for reporting this [~ayushtkn]! can you please check on which guava does hadoop 3.3.1 or 3.3.3 depend on? (we're on 3.3.1, planning to move to 3.3.3 soon I believe)
we usually try to follow hadoop's dependency versions (even if guava is shaded there), so I'm just asking this for curiosity...

> Upgrade guava to 31.1 to fix CVE-2020-8908
> ------------------------------------------
>
>                 Key: TEZ-4429
>                 URL: https://issues.apache.org/jira/browse/TEZ-4429
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: Ayush Saxena
>            Assignee: Ayush Saxena
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.7#820007)