[
https://issues.apache.org/jira/browse/OAK-7182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558428#comment-17558428
]
Dawid Iwo Cokan commented on OAK-7182:
--------------------------------------
{quote}the question whether we use Guava, and if so how (directly, or by
shading it) becomes secondary.
{quote}
Yes. But it has serious implication. Personally I am not fan of shading for
following reason. Consider you shade Guava and noone has to care about version
used. At the same time noone can change it. What if tomorrow new security
vulnerability is detected? In such case anyone who uses OAK with given version
cannot get rid of it until we release new OAK that will embed fixed Guava.
Saying this I feel shading stands in a contrary with idea of maven and other
packages management tool.
If you feel upgrade to Guava 22 makes sense I can prepare patch. I tried
locally seems to be easy adoption
> Make it possible to update Guava
> --------------------------------
>
> Key: OAK-7182
> URL: https://issues.apache.org/jira/browse/OAK-7182
> Project: Jackrabbit Oak
> Issue Type: Wish
> Reporter: Julian Reschke
> Priority: Minor
> Attachments: GuavaTests.java, OAK-7182-guava-21-3.diff,
> OAK-7182-guava-21-4.diff, OAK-7182-guava-21.diff, OAK-7182-guava-23.6.1.diff,
> guava.diff
>
>
> We currently rely on Guava 15, and this affects all users of Oak because they
> essentially need to use the same version.
> This is an overall issue to investigate what would need to be done in Oak in
> order to make updates possible.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
