Upgraded Guava version from 19.0 to 27.1-jre - CVE-2018-10237 - CWE-119

Signed-off-by: coduz <alberto.codutti@eurotech.com>
eclipse-kapua · Jun 21, 2019 · 35c7b15 · 35c7b15
1 parent 33d63bb
commit 35c7b15
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/.../org/eclipse/kapua/broker/core/listener/DeviceManagementNotificationMessageProcessor.java b/.../org/eclipse/kapua/broker/core/listener/DeviceManagementNotificationMessageProcessor.java
@@ -69,13 +69,13 @@ public void processMessage(CamelKapuaMessage<?> message) throws KapuaException {
         KapuaNotifyPayload notifyPayload = notifyMessage.getPayload();
 
         try {
-            DEVICE_MANAGEMENT_REGISTRY_MANAGER_SERVICE.processOperationNotification(
-                    notifyMessage.getScopeId(),
-                    notifyPayload.getOperationId(),
-                    MoreObjects.firstNonNull(notifyMessage.getSentOn(), notifyMessage.getReceivedOn()),
-                    notifyPayload.getResource(),
-                    notifyPayload.getStatus(),
-                    notifyPayload.getProgress());
+        DEVICE_MANAGEMENT_REGISTRY_MANAGER_SERVICE.processOperationNotification(
+                notifyMessage.getScopeId(),
+                notifyPayload.getOperationId(),
+                MoreObjects.firstNonNull(notifyMessage.getSentOn(), notifyMessage.getReceivedOn()),
+                notifyPayload.getResource(),
+                notifyPayload.getStatus(),
+                notifyPayload.getProgress());
 
             JOB_DEVICE_MANAGEMENT_OPERATION_MANAGER_SERVICE.processJobTargetOnNotification(
                     notifyMessage.getScopeId(),

diff --git a/broker-core/src/main/readme.txt b/broker-core/src/main/readme.txt
@@ -40,7 +40,7 @@ replacing the ******* in the original file (this is an extract)
 copy all the jars needed by the application to the lib/kapua directory (this is the current list):
 
   358048  4 Ago 16:02 commons-configuration-1.9.jar
- 2308517  4 Ago 11:58 guava-19.0.jar
+ 2308517  4 Ago 11:58 guava-27.1.jar
   162116  4 Ago 16:04 javax.persistence-2.1.1.jar
    17750  4 Ago 16:26 jbcrypt-0.3m.jar
     6583  4 Ago 12:29 metrics-annotation-3.1.2.jar

diff --git a/pom.xml b/pom.xml
@@ -45,7 +45,7 @@
         <elasticsearch.version>2.3.4</elasticsearch.version>
         <findbugs.version>2.0.1</findbugs.version>
         <gson.version>2.7</gson.version>
-        <guava.version>19.0</guava.version>
+        <guava.version>27.1-jre</guava.version>
         <guice.version>4.1.0</guice.version>
         <h2.version>1.4.192</h2.version>
         <httpcomponents.version>4.5.2</httpcomponents.version>