Alex Rudyy created QPID-8256:
--------------------------------

Summary: [Broker-J] Update Guava to version 27.0
Key: QPID-8256
URL: https://issues.apache.org/jira/browse/QPID-8256
Project: Qpid
Issue Type: Bug
Components: Broker-J
Reporter: Alex Rudyy
Fix For: qpid-java-6.1.8, qpid-java-broker-7.1.0, qpid-java-broker-7.0.7

The Qpid Broker depends on an older guava version 0.22 which is affected by vulnerability [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237].

It does not look like vulnerability [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237] can be exploited with Qpid Broker, as impacted guava classes {{AtomicDoubleArray}} and {{CompoundOrdering}} are not used directly within Qpid Broker code.