Update Guava version - currently the latest released version 3.3.2 mentions Guava version that has known vulnerability.

Question

Update Guava version - currently the latest released version 3.3.2 mentions Guava version that has known vulnerability.

Closed this issue a year ago · 2 comments

The currently released artifact (3.3.2) mentions (./META-INF/maven/com.google.guava/guava/pom.xml) the version 31.1-jre of guava that has a know vulnerability https://www.cve.org/CVERecord?id=CVE-2023-2976.

It would be great to update it to the latest version of guava that fixed it (e.g. 32.0.1-jre)

Answer 1 · 2023-07-06T16:04:54.000Z

Released and in Maven Central.

[edit: OK, the Maven Central browsing wasn't showing it when I posted. But the release appeared in the metadata, which is what counts IIUC.]

Answer 2 · 2023-07-06T17:25:53.000Z

Indeed, the latest release 3.3.3 fetches the latest Guava, many thanks for the quick turnaround!