Closed kittsville closed 5 years ago
Merging #498 into develop will not change coverage. The diff coverage is
n/a
.
@@ Coverage Diff @@
## develop #498 +/- ##
========================================
Coverage 92.49% 92.49%
========================================
Files 244 244
Lines 3890 3890
Branches 288 288
========================================
Hits 3598 3598
Misses 292 292
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update feb887e...4e5ca33. Read the comment docs.
Fixed in 826fabb251f06844ad75e65091cda657cb956c01
whoops, sorry, I should have replied to your PR! I think the good news is that looking at the CVE, I think we weren't affected since we didn't use guava's serialization stuff (as far as I know). Thanks for the bug report!
Problem
Google's Guava 19.0 has a medium severity vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2018-10237
Solution
Update Guava to a version not vulnerable