Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] [Bug 547338] Update to guava 24.1.1+(fix CVE-2018-10237)

On Thu, May 16, 2019 at 10:48 AM Dietrich, Christian <christian.dietrich@xxxxxxxxx> wrote:
well the security problem is there for a long time and this was brought up on orbit in february and nothing happened. so i have doubts regarding urgency

Just for the record Orbit project itself can not do anything. It's up for some project with actual dependency on given library to open CQ for newer version and after that add it to Orbit. Once there is a fixed version in Orbit the logical step from Orbit project POV is to remove the version with CVE from its latest build.  Thus contacts should be made with the actual projects contributing the offensive versions to release train or nothing can't happen as most people probably don't read orbit-dev at all.
I know that most people know it but I felt the need to repeat it :)
cross-project-issues-dev mailing list
To change your delivery options, retrieve your password, or unsubscribe from this list, visit

Alexander Kurtakov
Red Hat Eclipse Team

Back to the top