Skip to content

Commit

Permalink
update guava to 32.0.1-jre to address CVEs (apache#15482)
Browse files Browse the repository at this point in the history 
Update guava to 32.0.1-jre to address two CVEs: CVE-2020-8908, CVE-2023-2976
This change requires a minor test change to remove assumptions about ordering.

---------

Co-authored-by: Xavier Léauté <[email protected]>
  • Loading branch information
@janjwerner-confluent @xvrl @Pankaj260100
2 people authored and Pankaj260100 committed Dec 13, 2023
1 parent c29b91d commit 4889bfe
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion licenses.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -364,7 +364,7 @@ name: Guava
license_category: binary
module: java-core
license_name: Apache License version 2.0
version: 31.1-jre
version: 32.0.1-jre
libraries:
- com.google.guava: guava

Expand Down
2 changes: 1 addition & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@
<dropwizard.metrics.version>4.2.22</dropwizard.metrics.version>
<errorprone.version>2.20.0</errorprone.version>
<fastutil.version>8.5.4</fastutil.version>
<guava.version>31.1-jre</guava.version>
<guava.version>32.0.1-jre</guava.version>
<guice.version>4.1.0</guice.version>
<hamcrest.version>1.3</hamcrest.version>
<jetty.version>9.4.53.v20231009</jetty.version>
Expand Down
4 changes: 2 additions & 2 deletions server/src/test/java/org/apache/druid/metadata/SqlSegmentsMetadataManagerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -283,11 +283,11 @@ public void testPollPeriodicallyAndOnDemandInterleave() throws Exception
Assert.assertTrue(sqlSegmentsMetadataManager.getLatestDatabasePoll() instanceof SqlSegmentsMetadataManager.PeriodicDatabasePoll);
dataSourcesSnapshot = sqlSegmentsMetadataManager.getDataSourcesSnapshot();
Assert.assertEquals(
ImmutableList.of("wikipedia3", "wikipedia", "wikipedia2"),
ImmutableSet.of("wikipedia2", "wikipedia3", "wikipedia"),
dataSourcesSnapshot.getDataSourcesWithAllUsedSegments()
.stream()
.map(ImmutableDruidDataSource::getName)
.collect(Collectors.toList())
.collect(Collectors.toSet())
);
}

Expand Down

0 comments on commit 4889bfe

Please sign in to comment.