Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There is a vulnerability in Guava: Google Core Libraries for Java 24.1.1-jre,upgrade recommended #67

Open
QiAnXinCodeSafe opened this issue Dec 28, 2020 · 1 comment
Open

There is a vulnerability in Guava: Google Core Libraries for Java 24.1.1-jre,upgrade recommended #67

QiAnXinCodeSafe opened this issue Dec 28, 2020 · 1 comment
Labels
dependencies Pull requests that update a dependency file

Comments

@QiAnXinCodeSafe
Copy link

myanmar-tools/genconvert/pom.xml

Line 30 in adc4db2

<version>24.1.1-jre</version>

CVE-2020-8908
Recommended upgrade version:
30.0-jre
@sffc
Copy link
Collaborator

sffc commented Dec 28, 2020

The genconvert project runs offline in a controlled environment. Previously when I've tried upgrading Guava, there have been backwards-incompatible changes, particularly with the required Java version. I don't want to mess with genconvert unnecessarily, but next time someone tries running the tool, thet can consider bumping the Guava version.

@sffc sffc added the dependencies Pull requests that update a dependency file label Dec 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sffc @QiAnXinCodeSafe