Update guava jar to fix potential security vulnerability

IBMStreams / streamsx.hbase

Integration of IBM Streams and Apache HBase

http://ibmstreams.github.io/streamsx.hbase/

Other

9 stars 12 forks source link

Update guava jar to fix potential security vulnerability #143

Closed markheger closed 3 years ago

markheger commented 3 years ago

CVE-2020-8908 moderate severity Vulnerable versions: <= 29.0 Patched version: 30.0-jre

markheger commented 3 years ago

pom.xml requires the following changes

        <dependency>
            <groupId>com.google.guava</groupId>
            <artifactId>guava</artifactId>
            <version>30.0-jre</version>
            <exclusions>
                <exclusion>
                    <groupId>*</groupId>
                    <artifactId>*</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>com.google.guava</groupId>
            <artifactId>failureaccess</artifactId>
            <version>1.0.1</version>
        </dependency>