[
https://issues.apache.org/jira/browse/MNG-7535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17598578#comment-17598578
]
Michael Osipov commented on MNG-7535:
-------------------------------------
That's not the primary source, neither canonical one. Just because they say
this doesn't have to be the truth.
> Latest release of Maven contain EOL component - EOL-Google Guava 25.1
> ---------------------------------------------------------------------
>
> Key: MNG-7535
> URL: https://issues.apache.org/jira/browse/MNG-7535
> Project: Maven
> Issue Type: Dependency upgrade
> Components: Dependencies
> Affects Versions: 3.8.6
> Reporter: Chris Campbell
> Priority: Minor
>
> We are utilizing the latest maven releases and getting EOL findings (
> EOL-Google Guava 25.1 ) from our internal Enterprise Security team that we
> must remediate.
> Will maven releases update to a newer, non-EOL of these components? If not,
> is there anything we can do ourselves to remediate and use non-EOL versions?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
