New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sec vul: CVE-2023-2976 from google-guava dep #950
Comments
google/google-java-format#950 PiperOrigin-RevId: 551366256
#950 PiperOrigin-RevId: 551366256
#950 PiperOrigin-RevId: 551370402
google/google-java-format#950 PiperOrigin-RevId: 551370402
It looks like this change is already in the master branch. Is there an estimated timeline for when the next release will be? |
It would be great if a patch release can be made for this change, please do expedite it. |
Another vote for this - this issue prevents the intellij plugin from being used in a corporate environment |
google/google-java-format#950 PiperOrigin-RevId: 551370402
I pushed a release that includes the Guava dependency update: https://github.com/google/google-java-format/releases/tag/v1.18.0 |
The IntelliJ plugin needs to be updated to use new version and released It is still referencing 1.17.0 Thanks! |
Can you update the version of google guava used to 32.0.1 or higher to resolve CVE-2023-2976 for the next release?
https://nvd.nist.gov/vuln/detail/CVE-2023-2976
https://mvnrepository.com/artifact/com.google.googlejavaformat/google-java-format/1.17.0
https://mvnrepository.com/artifact/com.google.guava/guava
The text was updated successfully, but these errors were encountered: