[ https://issues.apache.org/jira/browse/ARTEMIS-2359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Domenico Bruscino updated ARTEMIS-2359: --------------------------------------- Summary: Upgrade to Guava 24.1.1 (was: Upgrade to Guava 24.1) > Upgrade to Guava 24.1.1 > ----------------------- > > Key: ARTEMIS-2359 > URL: https://issues.apache.org/jira/browse/ARTEMIS-2359 > Project: ActiveMQ Artemis > Issue Type: Task > Components: Broker > Affects Versions: 2.8.1 > Reporter: Domenico Bruscino > Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > Google Guava versions 11.0 through 24.1 are vulnerable to unbounded memory > allocation in the AtomicDoubleArray class (when serialized with Java > serialization) and Compound Ordering class (when serialized with GWT > serialization). An attacker could exploit applications that use Guava and > deserialize untrusted data to cause a denial of service. Could you upgrade > guava to version 24.1.1 or above? > [https://github.com/google/guava/wiki/CVE-2018-10237] -- This message was sent by Atlassian JIRA (v7.6.3#76005)