...
In the event that we ship releases known to, or that we subsequently discovery to, contain vulnerable libraries and do not have specific plans to immediately issue a patch with a newer version, we will document any known issues here, and our official position as to the lack of relevance of the issue to the software. It is not our aim to pass generic, context-free scanners that simply flag every issue. Automation is not a substitute for human judgement.
V4.1.
...
3
- Guava (any) (CVE-2020-8908)
- We don't use the affected, deprecated function, and there is no fix for the issue.