570581 – Update Guava to 30.1

Bug 570581 - Update Guava to 30.1

Summary: Update Guava to 30.1

Status:	RESOLVED FIXED

Alias:	None

Product:	Orbit
Classification:	Tools
Component:	bundles (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P3 normal (vote)
Target Milestone:	2021-03 M2
Assignee:	Tony Homer
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-01-22 14:59 EST by Tony Homer
Modified:	2021-01-28 12:32 EST (History)
CC List:	2 users (show)

See Also:	570582 Gerrit Change

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tony Homer

2021-01-22 14:59:03 EST

Orbit currently offers Guava 27.1.0, which is vulnerable to CVE-2020-8908.
Orbit should add the latest Guava, which is currently 30.1.
Orbit should also remove Guava 27.1.0 in order to conform to the "only 1 version" policy, but will need to notify cross-project-issues-dev of this change first.

Comment 1 Christian Dietrich

2021-01-25 00:45:32 EST

what would a timeline for this be. shipping the drop with M3 would be a bit to late for Xtext/MWE capacities

Comment 2 Tony Homer

2021-01-26 19:53:55 EST

I will attempt to land it in M2.

Comment 3 Tony Homer

2021-01-27 13:24:07 EST

CQ: https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23002

Comment 4 Eclipse Genie

2021-01-27 15:37:04 EST

New Gerrit change created: https://git.eclipse.org/r/c/orbit/orbit-recipes/+/175412