google / mug

A small Java 8 library (string manipulation, stream utils)
Apache License 2.0

There is a vulnerability in Guava: Google Core Libraries for Java 29.0-jre, upgrade recommended #20

Closed QiAnXinCodeSafe closed 3 years ago

QiAnXinCodeSafe commented 3 years ago

https://github.com/google/mug/blob/e920c1fe715bbfe9326e19dfd202bdfbb65c30b3/mug-guava/pom.xml#L21

CVE-2020-8908

Recommended upgrade version: 30.0-jre

aabhasg commented 3 years ago

Hi @fluentfuture,

Shall we update the version to 30.1-jre for the dependencies below?

  1. com.google.guava : guava-testlib
  2. com.google.guava : guava

Please let me know if it is feasible; I would like to do it.

aabhasg commented 3 years ago

We can merge PR #21 for this change

aabhasg commented 3 years ago

Hi @QiAnXinCodeSafe, we made the changes; please review and close this issue.

aabhasg commented 3 years ago

Thank you @fluentfuture for merging the PR.

Please help to close this issue as well.