You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "clebert suconic (Jira)" <ji...@apache.org> on 2019/08/26 15:29:02 UTC

[jira] [Closed] (ARTEMIS-2359) Upgrade to Guava 24.1

     [ https://issues.apache.org/jira/browse/ARTEMIS-2359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

clebert suconic closed ARTEMIS-2359.
------------------------------------

> Upgrade to Guava 24.1
> ---------------------
>
>                 Key: ARTEMIS-2359
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2359
>             Project: ActiveMQ Artemis
>          Issue Type: Task
>          Components: Broker
>    Affects Versions: 2.8.1
>            Reporter: Domenico Bruscino
>            Priority: Major
>             Fix For: 2.10.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Google Guava versions 11.0 through 24.1 are vulnerable to unbounded memory allocation in the AtomicDoubleArray class (when serialized with Java serialization) and Compound Ordering class (when serialized with GWT serialization). An attacker could exploit applications that use Guava and deserialize untrusted data to cause a denial of service. Could you upgrade guava to version 24.1
> or above?
> [https://github.com/google/guava/wiki/CVE-2018-10237]



--
This message was sent by Atlassian Jira
(v8.3.2#803003)