Community
Participate
Working Groups
Orbit currently offers Guava 27.1.0, which is vulnerable to CVE-2020-8908. Orbit should add the latest Guava, which is currently 30.1. Orbit should also remove Guava 27.1.0 in order to conform to the "only 1 version" policy, but will need to notify cross-project-issues-dev of this change first.
what would a timeline for this be. shipping the drop with M3 would be a bit to late for Xtext/MWE capacities
I will attempt to land it in M2.
CQ: https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23002
New Gerrit change created: https://git.eclipse.org/r/c/orbit/orbit-recipes/+/175412