[
https://issues.apache.org/jira/browse/MNG-7828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17746620#comment-17746620
]
ASF GitHub Bot commented on MNG-7828:
-------------------------------------
slachiewicz commented on PR #1191:
URL: https://github.com/apache/maven/pull/1191#issuecomment-1648505273
not at this moment. Can You share more details (maybe links to bug reports
to plugins repos?) about what issues Your projects have with Maven 3.9. This is
active maintenance line of Maven.
> Bump guava from 31.1-jre to 32.0.1-jre
> --------------------------------------
>
> Key: MNG-7828
> URL: https://issues.apache.org/jira/browse/MNG-7828
> Project: Maven
> Issue Type: Dependency upgrade
> Affects Versions: 3.9.x-candidate, 4.0.x-candidate
> Reporter: Bruno Candido Volpato da Cunha
> Assignee: Guillaume Nodet
> Priority: Major
> Fix For: 3.9.4, 4.0.0-alpha-8
>
>
> Currently used version is in the range of CVE-2023-2976, which was fixed in
> 32.0.0.
>
> Please check [https://osv.dev/vulnerability/GHSA-7g45-4rm6-3mm3] for more
> information.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
