[ https://issues.apache.org/jira/browse/SOLR-13506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16853034#comment-16853034 ]
Dawid Weiss commented on SOLR-13506: ------------------------------------ We will remove it when we update the plugin to a dependency-free version. This said, it's a repackaged guava and the classes actually used by the plugin have no security implications. > Upgrade carrot2-guava-*.jar > ---------------------------- > > Key: SOLR-13506 > URL: https://issues.apache.org/jira/browse/SOLR-13506 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Components: contrib - Clustering > Affects Versions: 7.7.1, 8.0, 8.1 > Reporter: DW > Assignee: Dawid Weiss > Priority: Major > > The Solr package contains /contrib/clustering/lib/carrot2-guava-18.0.jar. > [cpe:/a:google:guava:18.0|https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Agoogle%3Aguava%3A18.0] > has know security vulnerabilities. > Can you please upgrade the library or remove if not needed. > Thanks. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org