[iot-pmc] [CQ 22437] com.google.guava:guava:28.2-android

http://dev.eclipse.org/ipzilla/show_bug.cgi?id=22437
--- Comment #6 from Achim Kraus <achim.kraus@xxxxxxxx>  2020-08-24 02:32:00 ---
Dear PMC,

this library should be updated in order to mitigate a reported vulnerability.

CVE-2018-10237
moderate severity
Vulnerable versions: > 11.0, < 24.1.1
Patched version: 24.1.1

For me it's unclear if Californium's proxy module is affected at all by this.
But it is much easier to use a new one than to try to find out where that
stuff is used, maybe indirectly, by the old one.

I'm not sure why I didn't receive the request to upload the sources; that has
already caused a delay of 2 weeks.

I would like to release 2.4.0 (minor release) this Thursday (27.8.) with this
update.

So please provide your feedback:

- postpone release 2.4.0 to clarify this library (the vulnerability will stay
unclear for that period)

- release 2.4.0 without this CQ resolved.

- ???

Best regards
Achim Kraus
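The comment above notes that the hard part is finding where an old Guava ends up, possibly as a transitive dependency. The following script is an added example, not part of this thread or of the Californium project: it scans `mvn dependency:tree` output for every `com.google.guava:guava` artifact, direct or transitive, and flags those whose version falls inside the affected range as stated in the comment (> 11.0 and < 24.1.1, patched in 24.1.1). The dependency-tree text embedded below is constructed sample input, not real project output; the module coordinate `org.example:proxy-demo` and the nesting shown are assumptions.

```python
"""Flag Guava versions in the CVE-2018-10237 affected range in a Maven dependency tree.

Run `mvn dependency:tree > tree.txt` in the project and feed the file to
find_guava(); the version comparison handles qualifiers such as
'28.2-android' or '24.1.1-jre' by comparing only the numeric prefix.
"""
import re
import sys
from typing import List, Tuple

# Affected range as stated in the CQ comment: > 11.0 (exclusive) and < 24.1.1.
VULN_LOWER = (11, 0)       # versions above this are affected, per the comment
PATCHED = (24, 1, 1)       # first fixed version; anything below is affected

# Constructed sample of `mvn dependency:tree` output (not real project output).
# It models a transitive old Guava pulled in by a proxy module next to a
# direct, current Guava.
SAMPLE_TREE = """\
[INFO] org.example:proxy-demo:jar:2.4.0
[INFO] +- org.eclipse.californium:californium-proxy2:jar:2.4.0:compile
[INFO] |  \\- com.google.guava:guava:jar:20.0:compile
[INFO] +- com.google.guava:guava:jar:28.2-android:compile
[INFO] \\- junit:junit:jar:4.12:test
"""

# groupId:artifactId:jar:version:scope as printed by the dependency plugin
COORD_RE = re.compile(r"([\w.\-]+):([\w.\-]+):jar:([\w.\-]+):(\w+)")


def parse_version(version: str) -> Tuple[int, ...]:
    """Numeric prefix of a Maven version: '28.2-android' -> (28, 2)."""
    head = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(part) for part in head.split(".") if part.isdigit())


def _pad(t: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    """Right-pad with zeros so (24, 1) and (24, 1, 1) compare sensibly."""
    return t + (0,) * (n - len(t))


def is_vulnerable(version: str) -> bool:
    """True when VULN_LOWER < version < PATCHED (the range stated in the comment)."""
    parsed = parse_version(version)
    width = max(len(parsed), len(VULN_LOWER), len(PATCHED))
    return _pad(VULN_LOWER, width) < _pad(parsed, width) < _pad(PATCHED, width)


def find_guava(tree: str) -> List[Tuple[str, bool]]:
    """Return (version, affected?) for every com.google.guava:guava line in the tree."""
    found = []
    for line in tree.splitlines():
        match = COORD_RE.search(line)
        if match and match.group(1) == "com.google.guava" and match.group(2) == "guava":
            version = match.group(3)
            found.append((version, is_vulnerable(version)))
    return found


if __name__ == "__main__":
    # Use a real tree file when given one, otherwise the constructed sample.
    tree_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TREE
    for version, affected in find_guava(tree_text):
        status = "AFFECTED (CVE-2018-10237 range)" if affected else "ok"
        print(f"com.google.guava:guava:{version}  {status}")
```

On the constructed sample this reports the transitive 20.0 as affected and the direct 28.2-android as fine, which is exactly the case the comment describes: the direct dependency can be current while an older copy still arrives through another module. Maven's nearest-wins resolution means only one of the two is on the final classpath, so a hit in the tree should be confirmed with `mvn dependency:tree -Dincludes=com.google.guava` and, if needed, a managed version in `dependencyManagement`.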
