Hi folks, I was looking into upgrading guava to 27.0-jre on branch-2.10 in order to address the vulnerabilities reported as CVE-2018-10237 <https://nvd.nist.gov/vuln/detail/CVE-2018-10237>. Since there are concerns using Java8, the plan is to stick to JDK7.
Obviously, it is expected that the upgrade will break downstream projects. I opened this for discussion to get feedback and make sure that we have common ground to address the security of vulnerabilities. Let me know WDYT. -- Best Regards, *Ahmed Hussein, PhD*