[BUG] Fix CVE-2023-2976 #2940
Assignees
Comments
stephen-crawford
added
bug
|
Addressed by #2937. |
3 tasks
cwperks
pushed a commit
that referenced
this issue
Jul 31, 2023
### Description Update guava to address [CVE-2023-2976](https://www.cve.org/CVERecord?id=CVE-2023-2976). Seems like this has been resolved for 2.x so this PR is for the 1.3 branch. ### Issues Resolved #2940 ### Check List - [ ] ~~New functionality includes testing~~ - [ ] ~~New functionality has been documented~~ - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). --------- Signed-off-by: Josh Aguilar <[email protected]> Signed-off-by: Stephen Crawford <[email protected]> Co-authored-by: Stephen Crawford <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the bug?
We make use of Guava as part of the spotless and checkstyle build processes. It is not clear whether there is a concern if these style checking functions make use of a flagged library. We should address this just in case.
The text was updated successfully, but these errors were encountered: