Hello, when downloading Kafka 2.1.1, the kafka_2.12-2.1.1.tgz still contains guava-20.0.jar. This guava version currently has a vulnerability described here: https://github.com/google/guava/wiki/CVE-2018-10237 The version 24.1.1 and 25.0+ are fixed version. Are there any plans to upgrade this dependency?
Regards Jiahao Zhou
