Sylwester Lachiewicz created MINDEXER-126: ---------------------------------------------
Summary: Remove guava dependency from indexer-core Key: MINDEXER-126 URL: https://issues.apache.org/jira/browse/MINDEXER-126 Project: Maven Indexer Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz It suffers from multiple CVEs: * guava < 24.1.1 is vulnerable to [CVE-2018-10237|https://github.com/advisories/GHSA-mvr2-9pj6-7w5j]. * guava < 30.0 is vulnerable to CVE-2020-8908. Moving to guava 30.1 will require moving to Java 8 so it's actually simpler to just remove the dependency altogether. -- This message was sent by Atlassian Jira (v8.3.4#803005)