You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our project is using jmxutils and our dependency vulnerability scanning is reporting a Guava vulnerability CVE-2020-8908 that's being brought in by jmxutils. I'm not sure if the project is still active, but is there any possibility the version of Guava could be bumped to resolve this? Because Guava is shaded we can't upgrade the version on our end.
Thanks!
The text was updated successfully, but these errors were encountered:
parislarkins
changed the title
Bump guava version to 30.0+ to fix https://nvd.nist.gov/vuln/detail/CVE-2020-8908
Bump guava version to 30.0+ to fix CVE-2020-8908
Nov 25, 2021
Hi there,
Our project is using
jmxutils
and our dependency vulnerability scanning is reporting a Guava vulnerability CVE-2020-8908 that's being brought in byjmxutils
. I'm not sure if the project is still active, but is there any possibility the version of Guava could be bumped to resolve this? Because Guava is shaded we can't upgrade the version on our end.Thanks!
The text was updated successfully, but these errors were encountered: