You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Alex Rudyy (JIRA)" <ji...@apache.org> on 2018/11/05 10:42:00 UTC
[jira] [Assigned] (QPID-8256) [Broker-J] Update Guava to version
27.0
[ https://issues.apache.org/jira/browse/QPID-8256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Rudyy reassigned QPID-8256:
--------------------------------
Assignee: Alex Rudyy
> [Broker-J] Update Guava to version 27.0
> ---------------------------------------
>
> Key: QPID-8256
> URL: https://issues.apache.org/jira/browse/QPID-8256
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Reporter: Alex Rudyy
> Assignee: Alex Rudyy
> Priority: Major
> Fix For: qpid-java-broker-7.1.0, qpid-java-broker-7.0.7, qpid-java-6.1.8
>
>
> The Qpid Broker depends on an older guava version 0.22 which is affected by vulnerability [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]. It does not look like vulnerability [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237] can be exploited with Qpid Broker, as impacted guava classes {{AtomicDoubleArray}} and {{CompoundOrdering}} are not used directly or indirectly within Qpid Broker code.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org