[jira] [Created] (ARTEMIS-2359) Upgrade to Guava 24.1

Domenico Bruscino (JIRA) Wed, 29 May 2019 07:44:08 -0700

Domenico Bruscino created ARTEMIS-2359:
------------------------------------------


             Summary: Upgrade to Guava 24.1
                 Key: ARTEMIS-2359
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2359
             Project: ActiveMQ Artemis
          Issue Type: Task
          Components: Broker
    Affects Versions: 2.8.1
            Reporter: Domenico Bruscino


Google Guava versions 11.0 through 24.1 are vulnerable to unbounded memory 
allocation in the AtomicDoubleArray class (when serialized with Java 
serialization) and Compound Ordering class (when serialized with GWT 
serialization). An attacker could exploit applications that use Guava and 
deserialize untrusted data to cause a denial of service. Could you upgrade 
guava to version 24.1 or above?

[https://github.com/google/guava/wiki/CVE-2018-10237]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (ARTEMIS-2359) Upgrade to Guava 24.1

Reply via email to