cb372/scalacache

scalacache-guava 0.28.0 contains a security threat

maciejwitwicki opened this issue · 2 comments

Hi,

There is a known vulnerability in guava 0.28-jre, which is used by the latest scalacache-guava .28.0.
The Guava version should be bumped to get rid of that threat.

Do you plan to bump the scalacache-guava version anytime soon?

Link to the vulnerability details: SNYK-JAVA-COMGOOGLEGUAVA-1015415

Best regards
Maciej

Thank you for reporting this. We will definitely get this addressed in our next release. In the meantime, would you benefit from a patch release updating this?

Hello, I am a project maintainer for a project called Open Horizon (https://github.com/open-horizon). We have a component project that uses Guava as part of Scala Cache and we would benefit from either a patch release fixing this vulnerability or a stable 1.0.0 release that we can update to.