[jira] [Created] (QPID-8256) [Broker-J] Update Guava to version 27.0

Alex Rudyy (JIRA) Fri, 02 Nov 2018 04:36:14 -0700

Alex Rudyy created QPID-8256:
--------------------------------

             Summary: [Broker-J] Update Guava to version 27.0
                 Key: QPID-8256
                 URL: https://issues.apache.org/jira/browse/QPID-8256
             Project: Qpid
          Issue Type: Bug
          Components: Broker-J
            Reporter: Alex Rudyy
             Fix For: qpid-java-6.1.8, qpid-java-broker-7.1.0, 
qpid-java-broker-7.0.7



The Qpid Broker depends on an older guava version 0.22 which is affected by 
vulnerability 
[CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]. 
It does not look like vulnerability 
[CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237] 
can be exploited with Qpid Broker, as impacted guava classes  
{{AtomicDoubleArray}} and {{CompoundOrdering}} are not used directly within 
Qpid Broker code.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

[jira] [Created] (QPID-8256) [Broker-J] Update Guava to version 27.0

Reply via email to