Hi folks,

I was looking into upgrading guava to  27.0-jre on branch-2.10 in order to
address the vulnerabilities reported as CVE-2018-10237
Since there are concerns using Java8, the plan is to stick to JDK7.

Obviously, it is expected that the upgrade will break downstream projects.

I opened this for discussion to get feedback and make sure that we have
common ground to address the security of vulnerabilities.

Let me know WDYT.

Best Regards,

*Ahmed Hussein, PhD*

Reply via email to