Sec vul: CVE-2023-2976 from google-guava dep #950
Comments
copybara-service bot
pushed a commit
to google/turbine
that referenced
this issue
Jul 27, 2023
google/google-java-format#950 PiperOrigin-RevId: 551366256
This was referenced Jul 27, 2023
Closed
copybara-service bot
pushed a commit
that referenced
this issue
Jul 27, 2023
#950 PiperOrigin-RevId: 551366256
copybara-service bot
pushed a commit
that referenced
this issue
Jul 27, 2023
#950 PiperOrigin-RevId: 551370402
copybara-service bot
pushed a commit
to google/turbine
that referenced
this issue
Jul 27, 2023
google/google-java-format#950 PiperOrigin-RevId: 551370402
|
It looks like this change is already in the master branch. Is there an estimated timeline for when the next release will be? |
|
It would be great if a patch release can be made for this change, please do expedite it. |
|
Another vote for this - this issue prevents the intellij plugin from being used in a corporate environment |
treblereel
pushed a commit
to treblereel/turbine
that referenced
this issue
Sep 28, 2023
google/google-java-format#950 PiperOrigin-RevId: 551370402
|
I pushed a release that includes the Guava dependency update: https://github.com/google/google-java-format/releases/tag/v1.18.0 |
|
The IntelliJ plugin needs to be updated to use new version and released It is still referencing 1.17.0 Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Can you update the version of google guava used to 32.0.1 or higher to resolve CVE-2023-2976 for the next release?
https://nvd.nist.gov/vuln/detail/CVE-2023-2976
https://mvnrepository.com/artifact/com.google.googlejavaformat/google-java-format/1.17.0
https://mvnrepository.com/artifact/com.google.guava/guava
The text was updated successfully, but these errors were encountered: