[ https://issues.apache.org/jira/browse/HBASE-20763?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16518559#comment-16518559 ]
Josh Elser commented on HBASE-20763: ------------------------------------ FYI [~mdrob] and [~busbey] since we chatted about this IRL on Monday. > Update guava >=24.1.1 > --------------------- > > Key: HBASE-20763 > URL: https://issues.apache.org/jira/browse/HBASE-20763 > Project: HBase > Issue Type: Task > Components: thirdparty > Reporter: Josh Elser > Assignee: Josh Elser > Priority: Major > Fix For: thirdparty-2.2.0 > > > We should update Guava in hbase-thirdparty to stop shipping the code cited as > vulnerable in CVE-2018-10237. We do not invoke this code ourselves and users > would have to try pretty hard to use it themselves, but we've seen more > strange things before ;) > Let's just bump up the dependency and move on. -- This message was sent by Atlassian JIRA (v7.6.3#76005)