[ https://issues.apache.org/jira/browse/ARTEMIS-2359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Domenico Bruscino updated ARTEMIS-2359:
---------------------------------------
    Summary: Upgrade to Guava 24.1.1  (was: Upgrade to Guava 24.1)

> Upgrade to Guava 24.1.1
> -----------------------
>
>                 Key: ARTEMIS-2359
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2359
>             Project: ActiveMQ Artemis
>          Issue Type: Task
>          Components: Broker
>    Affects Versions: 2.8.1
>            Reporter: Domenico Bruscino
>            Priority: Major
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Google Guava versions 11.0 through 24.1 are vulnerable to unbounded memory 
> allocation in the AtomicDoubleArray class (when serialized with Java 
> serialization) and Compound Ordering class (when serialized with GWT 
> serialization). An attacker could exploit applications that use Guava and 
> deserialize untrusted data to cause a denial of service. Could you upgrade 
> guava to version 24.1.1 or above?
> [https://github.com/google/guava/wiki/CVE-2018-10237]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
