Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-2976: revbump Guava 32.0.0-jre -> 32.1.1-jre #1181

Merged
merged 1 commit into from
Jul 17, 2023

Conversation

stair-aws
Copy link
Contributor

Issue #, if available:
https://github.com/awslabs/amazon-kinesis-client/security/dependabot/6

Description of changes:
CVE-2023-2976: revbump Guava 32.0.0-jre -> 32.1.1-jre

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976

mvn clean verify yields:

[INFO] Reactor Summary for Amazon Kinesis Client Library 2.5.2-SNAPSHOT:
[INFO] 
[INFO] Amazon Kinesis Client Library ...................... SUCCESS [  0.934 s]
[INFO] Amazon Kinesis Client Library for Java ............. SUCCESS [14:26 min]
[INFO] amazon-kinesis-client-multilang .................... SUCCESS [  6.268 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  14:34 min
[INFO] Finished at: 2023-07-17T15:48:40-04:00
[INFO] ------------------------------------------------------------------------

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@stair-aws stair-aws added v2.x Issues related to the 2.x version dependencies Pull requests that update a dependency file labels Jul 17, 2023
@brendan-p-lynch brendan-p-lynch merged commit eccd6cf into awslabs:master Jul 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file v2.x Issues related to the 2.x version
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants