You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by cl...@apache.org on 2019/05/31 16:21:09 UTC
[activemq-artemis] branch master updated: ARTEMIS-2359 Upgrade to
Guava 24.1
This is an automated email from the ASF dual-hosted git repository.
clebertsuconic pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/master by this push:
new d708be3 ARTEMIS-2359 Upgrade to Guava 24.1
new d5257ff This closes #2687
d708be3 is described below
commit d708be31896907e06c8790d1bc9a34abae21cdc7
Author: brusdev <br...@gmail.com>
AuthorDate: Thu May 30 09:41:29 2019 +0200
ARTEMIS-2359 Upgrade to Guava 24.1
CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray
and CompoundOrdering classes allow remote attackers to cause a denial
of service.
---
artemis-hawtio/artemis-console/pom.xml | 7 +++++++
pom.xml | 10 ++++++++--
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/artemis-hawtio/artemis-console/pom.xml b/artemis-hawtio/artemis-console/pom.xml
index 3e7e7b9..7d9f947 100644
--- a/artemis-hawtio/artemis-console/pom.xml
+++ b/artemis-hawtio/artemis-console/pom.xml
@@ -67,6 +67,12 @@
<version>${hawtio.version}</version>
<scope>provided</scope>
</dependency>
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>${guava.version}</version>
+ <!-- License: Apache 2.0 -->
+ </dependency>
</dependencies>
<build>
@@ -110,6 +116,7 @@
<exclude>bower_components/jquery/src/**/*</exclude>
<exclude>bower_components/jquery/test/**/*</exclude>
<exclude>bower_components/js-logger/src/**/*</exclude>
+ <excluse>WEB-INF/lib/guava*.jar</excluse>
<excluse>WEB-INF/lib/slf4j-api*.jar</excluse>
<excluse>lib/camelModel.js</excluse>
<exclude>app/activemq/**/*</exclude>
diff --git a/pom.xml b/pom.xml
index f8c26e1..2449d7b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -84,7 +84,7 @@
<commons.beanutils.version>1.9.3</commons.beanutils.version>
<commons.collections.version>3.2.2</commons.collections.version>
<fuse.mqtt.client.version>1.14</fuse.mqtt.client.version>
- <guava.version>19.0</guava.version>
+ <guava.version>24.1-jre</guava.version>
<jboss.logging.version>3.4.0.Final</jboss.logging.version>
<jetty.version>9.4.3.v20170317</jetty.version>
<jgroups.version>3.6.13.Final</jgroups.version>
@@ -103,7 +103,7 @@
<jb.logmanager.version>2.1.10.Final</jb.logmanager.version>
<jb.slf4j-jboss-logmanager.version>1.0.4.GA</jb.slf4j-jboss-logmanager.version>
<version.org.wildfly.common.wildfly-common>1.5.1.Final</version.org.wildfly.common.wildfly-common>
- <airlift.version>0.7</airlift.version>
+ <airlift.version>0.8</airlift.version>
<geronimo.annotation.1.1.spec.version>1.0.1</geronimo.annotation.1.1.spec.version>
<geronimo.ejb.3.0.spec.version>1.0.1</geronimo.ejb.3.0.spec.version>
<geronimo.jta.1.1.spec.version>1.1.1</geronimo.jta.1.1.spec.version>
@@ -800,6 +800,12 @@
<scope>provided</scope>
<!-- License: Apache 2.0 -->
</dependency>
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>${guava.version}</version>
+ <!-- License: Apache 2.0 -->
+ </dependency>
</dependencies>
</dependencyManagement>