Alluxio uses com.google.guava:guava:14.0.1 which has security vulnerability

Description

Alluxio uses com.google.guava:guava:14.0.1 which has following security vulnerability.
Vulnerability details:
Number:CVE‌-2018-10237
Description:
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable
(source:https://www.cvedetails.com/cve/CVE-2018-10237/?q=CVE‌-2018-10237)

Is there any upgrade/alternate planned for above issue?

Environment

None

Status

Configure