From 0b041ef17a44b126f8eca900dae62940580e6543 Mon Sep 17 00:00:00 2001
From: Bartosz Kosiorek <gang65@poczta.onet.pl>
Date: Mon, 3 Mar 2025 14:54:43 +0100
Subject: [PATCH] Upgrade to com.google.guava 32.1.3-jre to fix CVE-2023-2976
 and CVE-2020-8908

---
 LICENSE-binary         | 1 +
 hadoop-project/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 917aa4751fc9f..923f984987c19 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -239,6 +239,7 @@ com.google.json-simple:json-simple:1.1.1
 com.google.guava:failureaccess:1.0
 com.google.guava:guava:20.0
 com.google.guava:guava:32.0.1-jre
+com.google.guava:guava:32.1.3-jre
 com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
 com.microsoft.azure:azure-storage:7.0.0
 com.nimbusds:nimbus-jose-jwt:9.37.2
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index f6dc71288ed15..97bd3d5e2b820 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -108,7 +108,7 @@
     <findbugs.version>3.0.5</findbugs.version>
     <dnsjava.version>3.6.1</dnsjava.version>
 
-    <guava.version>27.0-jre</guava.version>
+    <guava.version>32.1.3-jre</guava.version>
     <guice.version>5.1.0</guice.version>
 
     <bouncycastle.version>1.78.1</bouncycastle.version>