Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 570581

Summary: Update Guava to 30.1
Product: [Tools] Orbit Reporter: Tony Homer <tony.homer>
Component: bundlesAssignee: Tony Homer <tony.homer>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: christian.dietrich.opensource, miklossy
Version: unspecified   
Target Milestone: 2021-03 M2   
Hardware: All   
OS: All   
See Also: https://bugs.eclipse.org/bugs/show_bug.cgi?id=570582
https://git.eclipse.org/r/c/orbit/orbit-recipes/+/175412
Whiteboard:

Description Tony Homer CLA 2021-01-22 14:59:03 EST 
Orbit currently offers Guava 27.1.0, which is vulnerable to CVE-2020-8908.
Orbit should add the latest Guava, which is currently 30.1.
Orbit should also remove Guava 27.1.0 in order to conform to the "only 1 version" policy, but will need to notify cross-project-issues-dev of this change first.
Comment 1 Christian Dietrich CLA 2021-01-25 00:45:32 EST 
what would a timeline for this be. shipping the drop with M3 would be a bit to late for Xtext/MWE capacities
Comment 2 Tony Homer CLA 2021-01-26 19:53:55 EST 
I will attempt to land it in M2.
Comment 3 Tony Homer CLA 2021-01-27 13:24:07 EST 
CQ: https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23002
Comment 4 Eclipse Genie CLA 2021-01-27 15:37:04 EST 
New Gerrit change created: https://git.eclipse.org/r/c/orbit/orbit-recipes/+/175412