Bipin Prasad created STORM-3754:
-----------------------------------
Summary: Upgrade Guava version because of security vulnerability
Key: STORM-3754
URL: https://issues.apache.org/jira/browse/STORM-3754
Project: Apache Storm
Issue Type: Improvement
Components: storm-hdfs, storm-hive
Reporter: Bipin Prasad
storm-hdfs-examples and storm-hive-examples use com.google.guava:guava:16.0.1
This has know vulnerability https://nvd.nist.gov/vuln/detail/CVE-2018-10237
"Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1
allows remote attackers to conduct denial of service attack."
The guava version downgrade was required earlier because of hadoop-hdfs 2.6.1.
Since storm is now using hadoop-hdfs 2.8.5, this downgrade may not be necessary.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
