[
https://issues.apache.org/jira/browse/SOLR-13506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16853034#comment-16853034
]
Dawid Weiss commented on SOLR-13506:
------------------------------------
We will remove it when we update the plugin to a dependency-free version. This
said, it's a repackaged guava and the classes actually used by the plugin have
no security implications.
> Upgrade carrot2-guava-*.jar
> ----------------------------
>
> Key: SOLR-13506
> URL: https://issues.apache.org/jira/browse/SOLR-13506
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: contrib - Clustering
> Affects Versions: 7.7.1, 8.0, 8.1
> Reporter: DW
> Assignee: Dawid Weiss
> Priority: Major
>
> The Solr package contains /contrib/clustering/lib/carrot2-guava-18.0.jar.
> [cpe:/a:google:guava:18.0|https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Agoogle%3Aguava%3A18.0]
> has know security vulnerabilities.
> Can you please upgrade the library or remove if not needed.
> Thanks.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
