[jira] [Updated] (CASSJAVA-53) Update Guava version used in cassandra-java-driver

Bret McGuire (Jira) Thu, 16 Jan 2025 07:02:15 -0800


     [ 
https://issues.apache.org/jira/browse/CASSJAVA-53?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Bret McGuire updated CASSJAVA-53:
---------------------------------
    Fix Version/s: 4.19.0

> Update Guava version used in cassandra-java-driver
> --------------------------------------------------
>
>                 Key: CASSJAVA-53
>                 URL: https://issues.apache.org/jira/browse/CASSJAVA-53
>             Project: Apache Cassandra Java driver
>          Issue Type: Task
>            Reporter: Bret McGuire
>            Assignee: Lukasz Antoniak
>            Priority: Normal
>             Fix For: 4.19.0
>
>
> Once java-driver-shaded-guava is brought in to the project (see CASSJAVA-52) 
> we need to look into an upgrade to the version of Guava it provides.  There 
> are at least a couple known CVEs that affect Guava 25.1:
>  
>  
> [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908]
> [CVE-2023-2976|https://nvd.nist.gov/vuln/detail/CVE-2023-2976] 
>  
> See [JAVA-3103|https://datastax-oss.atlassian.net/browse/JAVA-3103] for some 
> additional context here.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (CASSJAVA-53) Update Guava version used in cassandra-java-driver

Reply via email to