[ https://issues.apache.org/jira/browse/MNG-7828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tamas Cservenak updated MNG-7828: --------------------------------- Summary: Bump guava from 31.1-jre to 32.0.1-jre (was: Bump guava from 31.1-android to 32.0.1-android) > Bump guava from 31.1-jre to 32.0.1-jre > -------------------------------------- > > Key: MNG-7828 > URL: https://issues.apache.org/jira/browse/MNG-7828 > Project: Maven > Issue Type: Dependency upgrade > Affects Versions: 3.9.x-candidate, 4.0.x-candidate > Reporter: Bruno Candido Volpato da Cunha > Priority: Major > > Currently used version is in the range of CVE-2023-2976, which was fixed in > 32.0.0. > > Please check [https://osv.dev/vulnerability/GHSA-7g45-4rm6-3mm3] for more > information. -- This message was sent by Atlassian Jira (v8.20.10#820010)