[
https://issues.apache.org/jira/browse/CASSJAVA-83?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17939800#comment-17939800
]
Bret McGuire commented on CASSJAVA-83:
--------------------------------------
Closing this for now as a "Won't Fix" given that simply including the current
(as of this writing) version of Guava in project dependencies works without
issue. We can re-open this if there's interest in re-considering in the future
but at the moment there's no actual work to do here.
> Update Guava version used in cassandra-java-driver 3.x branch
> -------------------------------------------------------------
>
> Key: CASSJAVA-83
> URL: https://issues.apache.org/jira/browse/CASSJAVA-83
> Project: Apache Cassandra Java driver
> Issue Type: Task
> Reporter: Brandon Bordeaux
> Priority: Normal
>
> Java driver 3.12.1 has some CVE's associated with the Guava version (16.0.1).
> CASSJAVA-53 updated Guava for the 4.x branch; this ticket requests the same
> be done for the 3.x branch.
> Vulnerabilities from Nessus Scan:
> * CVE-2023-2976
> * CVE-2018-10237
> * sonatype-2020-0926
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
