Our project is using jmxutils and our dependency vulnerability scanning is reporting a Guava vulnerability CVE-2020-8908 that's being brought in by jmxutils. I'm not sure if the project is still active, but is there any possibility the version of Guava could be bumped to resolve this? Because Guava is shaded we can't upgrade the version on our end.
Hi there,
Our project is using
jmxutils
and our dependency vulnerability scanning is reporting a Guava vulnerability CVE-2020-8908 that's being brought in byjmxutils
. I'm not sure if the project is still active, but is there any possibility the version of Guava could be bumped to resolve this? Because Guava is shaded we can't upgrade the version on our end.Thanks!