b0618f9b94
This upgrade fixes CVE-2018-10237 [1]: Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker- provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. [1] https://nvd.nist.gov/vuln/detail/CVE-2018-10237 This also adds dependency on j2objc-annotations to prevent the following warning during the build: INFO: From Building java/com/google/gerrit/lucene/liblucene.jar (12 source files): warning: unknown enum constant ReflectionSupport$Level.FULL reason: class file for com.google.j2objc.annotations.ReflectionSupport$Level not found Bug: Issue 9952 Change-Id: Iea79ee7d93c4b7c85479b5ec01ee07e19beed611
6 lines
181 B
Python
6 lines
181 B
Python
GUAVA_VERSION = "24.1.1-jre"
|
|
|
|
GUAVA_BIN_SHA1 = "2e3014320a8005e3f3c1800cb246ed42db8cab81"
|
|
|
|
GUAVA_DOC_URL = "https://google.github.io/guava/releases/" + GUAVA_VERSION + "/api/docs/"
|