Loading...

XML

Word

Printable

Type: Component Upgrade
Resolution: Done
Priority: Major
Fix Version/s: 29.0.0.Final
Affects Version/s: None
Component/s: Batch, Clustering, JMS, REST, Web Services
Labels:
None

Git Pull Request:
https://github.com/wildfly/wildfly/pull/17011
[QE] How to address?:
---
[QE] Why QE missed?:
---

Our current guava release has a CVE (CVE-2023-2976); update it.

Moving to 32.0.1 is sufficient to resolve the CVE but it seems reasonable to go to the latest release, 32.1.1.

31.1 -> 32.1.1 https://github.com/google/guava/compare/v31.1...v32.1.1

31.1 -> 32.0.1 https://github.com/google/guava/compare/v31.1...v32.0.1

32.0.1 -> 32.1.1 https://github.com/google/guava/compare/v32.0.1...v32.1.1

is cloned by

JBERET-592 Upgrade Guava for 31.1 to 32.1.1 (resolves CVE-2023-2976)

Resolved

JBEAP-25356 (8.0.0) Upgrade Guava from 31.1.0.jre-redhat-00001 to 32.1.1.jre-redhat-00001

Closed

Assignee:: Brian Stansberry

Reporter:: Brian Stansberry

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2023/07/11 5:27 PM

Updated:: 2023/08/09 4:47 AM

Resolved:: 2023/07/13 6:08 PM