Hi Cassandra developers,
Today I learned that Guava 18 has a "severe" vulnerability [1,2]. As per
the code freeze, Cassandra 3.11 still accepts security-related PRs.
Will the Cassandra team accept a pull request to upgrade Guava in 3.11
[3], if I create one?
[1]: https://search.maven.org/artifact/com.goo
This isn't an opinion for or against upgrading guava, just a note that the
two classes mentioned in that vulnerability are not actually in the
codebase:
jjirsa:cassandra jjirsa$ git checkout cassandra-3.11
Checking out files: 100% (3212/3212), done.)
Switched to branch 'cassandra-3.11'
Your branch