OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

Vulnerable dependency guava:30.1.jre #286

Open aschufft opened 1 year ago

aschufft commented 1 year ago

There is a dependency on com.google.guava:guava:30.1-jre, which is known to be vulnerable to CVE-2023-2976.

melloware commented 1 year ago

Two open PRs to fix it. Just waiting on @mikesamuel to merge and release.

https://github.com/OWASP/java-html-sanitizer/pull/272

https://github.com/OWASP/java-html-sanitizer/pull/284

melloware commented 8 months ago

This can be closed. Guava has been removed.

benzman81 commented 7 months ago

When will there be a new release with the removal of guava? @mvsamuel @manicode @mikesamuel It is preventing the use of this tool and thus breaking our releases.