Sylwester Lachiewicz created MINDEXER-126:
---------------------------------------------
Summary: Remove guava dependency from indexer-core
Key: MINDEXER-126
URL: https://issues.apache.org/jira/browse/MINDEXER-126
Project: Maven Indexer
Issue Type: Dependency upgrade
Reporter: Sylwester Lachiewicz
It suffers from multiple CVEs:
* guava < 24.1.1 is vulnerable to
[CVE-2018-10237|https://github.com/advisories/GHSA-mvr2-9pj6-7w5j].
* guava < 30.0 is vulnerable to CVE-2020-8908.
Moving to guava 30.1 will require moving to Java 8 so it's actually
simpler to just remove the dependency altogether.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
