Skip to content

[MNG-7828] Bump guava from 31.1-jre to 32.0.1-jre#1189

Merged
gnodet merged 1 commit intoapache:maven-3.9.xfrom
bvolpato:bump-guava-3.9.x
Jul 11, 2023
Merged

[MNG-7828] Bump guava from 31.1-jre to 32.0.1-jre#1189
gnodet merged 1 commit intoapache:maven-3.9.xfrom
bvolpato:bump-guava-3.9.x

Conversation

@bvolpato
Copy link
Contributor

@bvolpato bvolpato commented Jun 28, 2023

Update due to CVE-2023-2976.

See https://issues.apache.org/jira/browse/MNG-7828 for more context.

@cstamas
Copy link
Member

cstamas commented Jun 28, 2023

Similar change will be needed for master branch as well.

@bvolpato bvolpato mentioned this pull request Jun 28, 2023
Merged
@bvolpato
Copy link
Contributor Author

bvolpato commented Jun 28, 2023

Thanks! #1191 for master

@bvolpato
Copy link
Contributor Author

bvolpato commented Jul 6, 2023

Can a committer merge this PR? Thanks!

@gnodet gnodet merged commit 3f37e6a into apache:maven-3.9.x Jul 11, 2023
@gnodet gnodet added this to the 3.9.4 milestone Jul 11, 2023
@bvolpato bvolpato deleted the bump-guava-3.9.x branch July 13, 2023 04:56
@dimon222
Copy link

dimon222 commented Jul 19, 2023

Any approximation when will 3.9.4 arrive with this patch? CVE is really holding.

@cstamas
Copy link
Member

cstamas commented Jul 19, 2023

Current plan:

ASF vote process is 72h, so this above is 72+72h and will start my next (European) morning most probably

@apache apache locked as resolved and limited conversation to collaborators Jul 24, 2023
@jira-importer
Copy link

jira-importer commented Jul 7, 2025

Resolve #9091

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@cstamas cstamas cstamas approved these changes

@slachiewicz slachiewicz slachiewicz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

3.9.4

Development

Successfully merging this pull request may close these issues.

6 participants

@bvolpato @cstamas @dimon222 @jira-importer @slachiewicz @gnodet