[
https://issues.apache.org/jira/browse/MNG-7828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17746606#comment-17746606
]
ASF GitHub Bot commented on MNG-7828:
-------------------------------------
ywluogg commented on PR #1191:
URL: https://github.com/apache/maven/pull/1191#issuecomment-1648455314
Hi Maven team, I'm curious to see if Maven still considering doing patch for
3.8.X? We have customers that need to use 3.8.X since they have multiple repos
with plugins that only work in 3.8.X.
> Bump guava from 31.1-jre to 32.0.1-jre
> --------------------------------------
>
> Key: MNG-7828
> URL: https://issues.apache.org/jira/browse/MNG-7828
> Project: Maven
> Issue Type: Dependency upgrade
> Affects Versions: 3.9.x-candidate, 4.0.x-candidate
> Reporter: Bruno Candido Volpato da Cunha
> Assignee: Guillaume Nodet
> Priority: Major
> Fix For: 3.9.4, 4.0.0-alpha-8
>
>
> Currently used version is in the range of CVE-2023-2976, which was fixed in
> 32.0.0.
>
> Please check [https://osv.dev/vulnerability/GHSA-7g45-4rm6-3mm3] for more
> information.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
