Domenico Bruscino created ARTEMIS-2359: ------------------------------------------
Summary: Upgrade to Guava 24.1 Key: ARTEMIS-2359 URL: https://issues.apache.org/jira/browse/ARTEMIS-2359 Project: ActiveMQ Artemis Issue Type: Task Components: Broker Affects Versions: 2.8.1 Reporter: Domenico Bruscino Google Guava versions 11.0 through 24.1 are vulnerable to unbounded memory allocation in the AtomicDoubleArray class (when serialized with Java serialization) and Compound Ordering class (when serialized with GWT serialization). An attacker could exploit applications that use Guava and deserialize untrusted data to cause a denial of service. Could you upgrade guava to version 24.1 or above? [https://github.com/google/guava/wiki/CVE-2018-10237] -- This message was sent by Atlassian JIRA (v7.6.3#76005)