From 056a10b8e33c8ebcf1a1aca8f157aa9735fb3cff Mon Sep 17 00:00:00 2001 From: Marek Novotny Date: Mon, 19 Jun 2023 19:48:02 +0200 Subject: [PATCH] [PUBDEV-9112] Fix CVE-2023-2976 --- h2o-assemblies/main/build.gradle | 3 ++- h2o-assemblies/minimal/build.gradle | 3 ++- h2o-assemblies/steam/build.gradle | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/h2o-assemblies/main/build.gradle b/h2o-assemblies/main/build.gradle index 8a4bae76c045..611f10dedd30 100644 --- a/h2o-assemblies/main/build.gradle +++ b/h2o-assemblies/main/build.gradle @@ -27,7 +27,8 @@ dependencies { api('com.fasterxml.jackson.core:jackson-databind:2.13.4.2') { because 'Fixes CVE-2022-42003' } - api('com.google.guava:guava:31.1-jre') { + api('com.google.guava:guava:32.0.1-jre') { + because 'Fixes CVE-2023-2976' because 'Fixes CVE-2020-8908' because 'Fixes CVE-2018-10237' } diff --git a/h2o-assemblies/minimal/build.gradle b/h2o-assemblies/minimal/build.gradle index 10bb6567cdcf..2a0fe0b54359 100644 --- a/h2o-assemblies/minimal/build.gradle +++ b/h2o-assemblies/minimal/build.gradle @@ -23,7 +23,8 @@ dependencies { api project(":h2o-persist-http") constraints { - api('com.google.guava:guava:31.1-jre') { + api('com.google.guava:guava:32.0.1-jre') { + because 'Fixes CVE-2023-2976' because 'Fixes CVE-2020-8908' because 'Fixes CVE-2018-10237' } diff --git a/h2o-assemblies/steam/build.gradle b/h2o-assemblies/steam/build.gradle index ff659360b260..7de32060f6f4 100644 --- a/h2o-assemblies/steam/build.gradle +++ b/h2o-assemblies/steam/build.gradle @@ -76,7 +76,8 @@ dependencies { api('org.jetbrains.kotlin:kotlin-stdlib:1.4.32') { because 'Fixes CVE-2020-29582' } - api('com.google.guava:guava:31.1-jre') { + api('com.google.guava:guava:32.0.1-jre') { + because 'Fixes CVE-2023-2976' because 'Fixes CVE-2020-8908' because 'Fixes CVE-2018-10237' }