Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

scalacache-guava 0.28.0 contains a security threat #440

Open
maciejwitwicki opened this issue Nov 3, 2020 · 2 comments
Open

scalacache-guava 0.28.0 contains a security threat #440

maciejwitwicki opened this issue Nov 3, 2020 · 2 comments

Comments

@maciejwitwicki
Copy link

Hi,

There is a known vulnerability found in the guava 0.28-jre which is used by the latest scalacache-guava .28.0.
Guava version should be bumped to get rid of that threat.

Do you plan to bump the scalacache-guava version anytime soon?

Link to the vulnerability details: SNYK-JAVA-COMGOOGLEGUAVA-1015415

Best regards
Maciej
@lewisjkl
Copy link
Collaborator

lewisjkl commented Dec 2, 2020

Thank you for reporting this. We will definitely get this addressed in our next release. In the meantime, would you benefit from a patch release updating this?

@naphelps
Copy link

Hello, I am a project maintainer for a project called Open Horizon (https://github.com/open-horizon). We have a component project that uses Guava as part of Scala Cache and we would benefit from either a patch release fixing this vulnerability or a stable 1.0.0 release that we can update to.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lewisjkl @maciejwitwicki @naphelps