[CXF-8901] Update Guava to 32.1.1 (solving CVE-2023-2976) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.5.7, 3.6.2, 4.0.3
Component/s: None
Labels:
- security-issue

Estimated Complexity:
Unknown

Description

Currently Guava 30.1-re (https://github.com/apache/cxf/blob/f615b09bf9eaffc532ba08dcf198eb831b6f484f/parent/pom.xml#L123) is used.

Our dependency checker shows a potential security issue CVE-2023-2976 with this version.

Please update Guava at least to 32.0.1 (recommended version in the CVE).

Attachments

Activity

People

Assignee:: Andriy Redko

Reporter:: Andre Schlegel-Tylla

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/Jul/23 09:20

Updated:: 18/Sep/23 18:48

Resolved:: 12/Jul/23 01:50