Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2021/04/08 10:10:55 UTC

[GitHub] [ozone] elek opened a new pull request #2131: Bump Guava version

elek opened a new pull request #2131:
URL: https://github.com/apache/ozone/pull/2131


   ## What changes were proposed in this pull request?
   
   Guava has a tmp directory related CVE ([CVE-2020-8908](https://github.com/advisories/GHSA-5mg8-w23w-74h3)).
   
   To the best of my knowledge Ozone is not affected, but it's hard to explain this situation to all the automated tools. Let's just bump the version to the latest one...
   
   ## How was this patch tested?
   
   Full CI passed.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org


[GitHub] [ozone] elek commented on pull request #2131: HDDS-5074. Bump Guava version

Posted by GitBox <gi...@apache.org>.
elek commented on pull request #2131:
URL: https://github.com/apache/ozone/pull/2131#issuecomment-818561781


   Thanks for the review, @adoroszlai and @jojochuang. Agree with the comment, it's not a security fix. It just results in fewer false-positive problems being reported... Merging it now...




[GitHub] [ozone] elek merged pull request #2131: HDDS-5074. Bump Guava version

Posted by GitBox <gi...@apache.org>.
elek merged pull request #2131:
URL: https://github.com/apache/ozone/pull/2131


   




[GitHub] [ozone] jojochuang commented on pull request #2131: HDDS-5074. Bump Guava version

Posted by GitBox <gi...@apache.org>.
jojochuang commented on pull request #2131:
URL: https://github.com/apache/ozone/pull/2131#issuecomment-816270257


   LGTM
   I just want to say that the description of that alert isn't accurate. Simply updating to guava 30 doesn't help. It requires removing the API call usage in the code. Fortunately we don't seem to use it in Ozone.


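The last comment's point, that the version bump alone changes nothing and what matters is whether the code calls the affected API, can be checked mechanically. The following is an added example, not code from this thread or from Ozone: it assumes the call in question is `com.google.common.io.Files.createTempDir()` (the thread does not name it), and `find_guava_create_temp_dir`, `scan_tree` and the sample sources are hypothetical, constructed names.

```python
import re
from pathlib import Path

# Assumption: the API behind CVE-2020-8908 is Guava's Files.createTempDir().
GUAVA_FILES = "com.google.common.io.Files"
_IMPORT = re.compile(r"^\s*import\s+(static\s+)?([\w.]+(?:\.\*)?)\s*;", re.M)

def find_guava_create_temp_dir(source):
    """Return sorted 1-based line numbers that call Guava's Files.createTempDir()."""
    imports = {(bool(static), name) for static, name in _IMPORT.findall(source)}
    # A fully qualified call needs no import at all.
    patterns = [re.escape(GUAVA_FILES) + r"\s*\.\s*createTempDir\s*\("]
    # 'Files.createTempDir(' counts only when 'Files' resolves to Guava.
    if {(False, GUAVA_FILES), (False, "com.google.common.io.*")} & imports:
        patterns.append(r"(?<![\w.])Files\s*\.\s*createTempDir\s*\(")
    # A bare 'createTempDir(' counts only behind a static import from Guava.
    if {(True, GUAVA_FILES + ".createTempDir"), (True, GUAVA_FILES + ".*")} & imports:
        patterns.append(r"(?<![\w.])createTempDir\s*\(")
    hits = set()
    for pattern in patterns:
        for m in re.finditer(pattern, source):
            hits.add(source.count("\n", 0, m.start()) + 1)
    return sorted(hits)

def scan_tree(root):
    """Map each .java file under root to its hit lines; files without hits are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*.java")):
        text = path.read_text(encoding="utf-8", errors="replace")
        lines = find_guava_create_temp_dir(text)
        if lines:
            report[str(path.relative_to(root))] = lines
    return report

# Constructed sample sources (not taken from Ozone).
SAMPLE_GUAVA = """\
package demo;
import com.google.common.io.Files;
import java.io.File;
class A {
  File scratch() { return Files.createTempDir(); }
}
"""
SAMPLE_NIO = """\
package demo;
import java.nio.file.Files;
class B {
  java.nio.file.Path scratch() throws Exception { return Files.createTempDirectory("demo"); }
}
"""
SAMPLE_STATIC = """\
package demo;
import static com.google.common.io.Files.createTempDir;
class C { java.io.File scratch() { return createTempDir(); } }
"""
```

The scan is textual, so a hit inside a comment or string literal is still reported and needs a manual look; it errs toward over-reporting rather than missing a call.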