ARTEMIS-2359 Upgrade to Guava 24.1 #2687

Merged
merged 1 commit into from May 31, 2019

@brusdev brusdev commented May 30, 2019

CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray
and CompoundOrdering classes allow remote attackers to cause a denial
of service.

@@ -800,6 +800,12 @@
<scope>provided</scope>
<!-- License: Apache 2.0 -->
</dependency>
<dependency>
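Review bot: the `<dependency>` entry opened on the last line shown is where the Guava version gets pinned, and it needs to be 24.1.1 or later, not the 24.1 named in the PR title, because CVE-2018-10237 affects Guava 11.0 through 24.x before 24.1.1. The version is not visible in this excerpt, so confirm it before merging, and keep it in a single place in the parent pom so every module that pulls Guava transitively resolves the same fixed release. The entry just above carries a `<!-- License: Apache 2.0 -->` comment; the new entry should follow the same convention.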
Contributor

Guava is only used by airlift.. Do we really need to add the dependency globally?

Member Author

I see your point, but airlift/airline is added as a global dependency and Guava is used by artemis-cli (XmlDataExporterUtil), by integrations-tests (MethodCalledVerifier), by airlift/airline and by hawtio/web.
Airlift/airline is added as a global dependency, as an artemis-cli dependency and as an artemis-distribution dependency.
Hawtio/web is added as an artemis-console dependency.

@clebertsuconic
Contributor

can you rebase please?

@brusdev
Member Author

brusdev commented May 31, 2019

rebased

@asfgit asfgit merged commit d708be3 into apache:master May 31, 2019
asfgit pushed a commit that referenced this pull request May 31, 2019