[jira] [Updated] (CXF-8901) Update Guava to 32.1.1 (solving CVE-2023-2976)

Andriy Redko (Jira) Tue, 11 Jul 2023 15:18:20 -0700


     [ 
https://issues.apache.org/jira/browse/CXF-8901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andriy Redko updated CXF-8901:
------------------------------
    Fix Version/s: 3.5.7
                   3.6.2
                   4.0.3

> Update Guava to 32.1.1 (solving CVE-2023-2976)
> ----------------------------------------------
>
>                 Key: CXF-8901
>                 URL: https://issues.apache.org/jira/browse/CXF-8901
>             Project: CXF
>          Issue Type: Improvement
>            Reporter: Andre Schlegel-Tylla
>            Assignee: Andriy Redko
>            Priority: Major
>              Labels: security-issue
>             Fix For: 3.5.7, 3.6.2, 4.0.3
>
>
> Currently Guava 30.1-re 
> ([https://github.com/apache/cxf/blob/f615b09bf9eaffc532ba08dcf198eb831b6f484f/parent/pom.xml#L123)]
>  is used.
>  
> Our dependency checker shows a potential security issue CVE-2023-2976 with 
> this version.
>  
> Please update Guava at least to 32.0.1 (recommended version in the CVE).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-8901) Update Guava to 32.1.1 (solving CVE-2023-2976)

Reply via email to