Java Agent and commons-compress and Guava and the vulnerable classes with CVEs.
The Guava library that the agent uses, is loaded by our own custom class loader. Thus, it is not accessible by the application.
Release : 10.7.0
Component : APM Agents
The Guava library that the APM Java Agent uses, are loaded by our custom class loader and hence won’t be accessible by the application.
If the application uses some utilities from the Guava library, they have to use its own copy/version where the CVE's have been addressed.