[jira] [Commented] (JCLOUDS-1470) Vulnarable Guava dependency dragged from jclouds-driver

[Vasil (Jira)]

    [ 
https://issues.apache.org/jira/browse/JCLOUDS-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16941059#comment-16941059
 ] 

Vasil commented on JCLOUDS-1470:
--------------------------------

According to the CVE the vulnerability is preset in guava versions up to 
24.1.1. Is there any chance of adoption of a newer version for the jclouds 
project? 

> Vulnarable Guava dependency dragged from jclouds-driver
> -------------------------------------------------------
>
>                 Key: JCLOUDS-1470
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1470
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-core
>    Affects Versions: 2.1.1
>            Reporter: Blagoi Anastasov
>            Priority: Major
>              Labels: guava
>
> It looks like jclouds-driver drags old(from 2014) and vulnerable guava 
> dependency - 18.0.
> [https://nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Agoogle%3Aguava%3A18.0]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)