Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2023-2976 - High #786

Open
naphelps opened this issue Aug 16, 2023 · 3 comments
Open

CVE-2023-2976 - High #786

naphelps opened this issue Aug 16, 2023 · 3 comments

Comments

@naphelps
Copy link

Version: 0.28.0

References: https://nvd.nist.gov/vuln/detail/CVE-2023-2976
@mikehyde
Copy link

@lewisjkl May we please have a release with Guava upgraded to the latest version?

@K-Pomian
Copy link

Hi @lewisjkl
Is there any chance that this will be fixed?

@kubukoz
Copy link
Collaborator

kubukoz commented Dec 11, 2024

At this stage I think you should consider this library unmaintained.

You can secure yourself against the CVE by adding an explicit dependency for Guava in your own build, but personally I'd recommend moving away from Scalacache to e.g. mules in the near future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kubukoz @K-Pomian @mikehyde @naphelps