[jira] [Updated] (SLING-11124) Update Guava Dependency for CVE CVE-2018-10237 and CVE-2020-8908
[ https://issues.apache.org/jira/browse/SLING-11124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrei Dulvac updated SLING-11124: -- Affects Version/s: Apache Sling Testing Clients 3.0.8 (was: Apache Sling Testing Clients 3.0.6) > Update Guava Dependency for CVE CVE-2018-10237 and CVE-2020-8908 > > > Key: SLING-11124 > URL: https://issues.apache.org/jira/browse/SLING-11124 > Project: Sling > Issue Type: Task > Components: Apache Sling Testing Clients >Affects Versions: Apache Sling Testing Clients 3.0.8 >Reporter: Andrei Tuicu >Assignee: Andrei Dulvac >Priority: Major > Fix For: Apache Sling Testing Clients 3.0.6 > > Time Spent: 40m > Remaining Estimate: 0h > > Sling testing clients are using com.google.guava guava 14.0.1 which is > vulnerable to CVE-2018-10237(MEDIUM) [1] and CVE-2020-8908(LOW) [2]. > Mitigation: update to latest guava 31.0.1-android > [1] https://www.cvedetails.com/cve/CVE-2018-10237/ > [2] https://www.cvedetails.com/cve/CVE-2020-8908/ -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (SLING-11124) Update Guava Dependency for CVE CVE-2018-10237 and CVE-2020-8908
[ https://issues.apache.org/jira/browse/SLING-11124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrei Dulvac updated SLING-11124: -- Fix Version/s: Apache Sling Testing Clients 3.0.8 (was: Apache Sling Testing Clients 3.0.6) > Update Guava Dependency for CVE CVE-2018-10237 and CVE-2020-8908 > > > Key: SLING-11124 > URL: https://issues.apache.org/jira/browse/SLING-11124 > Project: Sling > Issue Type: Task > Components: Apache Sling Testing Clients >Affects Versions: Apache Sling Testing Clients 3.0.8 >Reporter: Andrei Tuicu >Assignee: Andrei Dulvac >Priority: Major > Fix For: Apache Sling Testing Clients 3.0.8 > > Time Spent: 40m > Remaining Estimate: 0h > > Sling testing clients are using com.google.guava guava 14.0.1 which is > vulnerable to CVE-2018-10237(MEDIUM) [1] and CVE-2020-8908(LOW) [2]. > Mitigation: update to latest guava 31.0.1-android > [1] https://www.cvedetails.com/cve/CVE-2018-10237/ > [2] https://www.cvedetails.com/cve/CVE-2020-8908/ -- This message was sent by Atlassian Jira (v8.20.1#820001)