[ https://issues.apache.org/jira/browse/MNG-7828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17744683#comment-17744683 ]
ASF GitHub Bot commented on MNG-7828: ------------------------------------- cstamas commented on PR #1189: URL: https://github.com/apache/maven/pull/1189#issuecomment-1642307816 Current plan: * release resolver 1.9.14 https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRESOLVER%20AND%20fixVersion%20%3D%201.9.14 * after that release Maven 3.9.4 https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20fixVersion%20%3D%203.9.4 ASF vote process is 72h, so this above is 72+72h and will start my next (European) morning most probably > Bump guava from 31.1-jre to 32.0.1-jre > -------------------------------------- > > Key: MNG-7828 > URL: https://issues.apache.org/jira/browse/MNG-7828 > Project: Maven > Issue Type: Dependency upgrade > Affects Versions: 3.9.x-candidate, 4.0.x-candidate > Reporter: Bruno Candido Volpato da Cunha > Assignee: Guillaume Nodet > Priority: Major > Fix For: 3.9.4, 4.0.0-alpha-8 > > > Currently used version is in the range of CVE-2023-2976, which was fixed in > 32.0.0. > > Please check [https://osv.dev/vulnerability/GHSA-7g45-4rm6-3mm3] for more > information. -- This message was sent by Atlassian Jira (v8.20.10#820010)