Are there any plan to update dependent libraries in GWT 2.9 /3.x

[Hrishikesh Joshi]

Are there any plans to update libraries like Jetty., common collections and servlet jar with known security issues. Although there is no direct attack surface some organization policies deny deploying product with known CVE.

Are there any known technical limitation to update those?

[Jens]

GWT still supports Java 7. Switching to Java 8 as a new baseline is currently being discussed at https://groups.google.com/forum/#!topic/google-web-toolkit-contributors/tMR3Dv1YBBE . 

Updating Jetty to newest version would require Java 8. Newer versions of other libraries might have the same requirement. So assuming library updates do not break any code, Java 7 support is currently the only technical limitation.

-- J.