robbytx
commented
5 years ago Also, note that Guava pre-24.1.1 has a known vulnerability -- https://nvd.nist.gov/vuln/detail/CVE-2018-10237. Fortunately, it only affects Java and/or GWT serialization of specific classes, but applications that must upgrade cannot continue to use the LeaderService in this library.
LeaderService uses
MoreExecutors.sameThreadExecutorfrom Guava, but this API was removed in Guava 21.Therefore, it is not possible to use the LeaderService in an application that uses Guava 21 or higher. Note that the suggested alternatives require Guava 18.