Google Guava End of Life (EOL) Dates & Support Timeline
Complete end-of-life dates, support windows, and security status for all Google Guava versions. Data sourced from endoflife.date and official vendor documentation. Updated at every deploy.
| Version | Latest Release | Release Date | EOL Date | Days | Status |
|---|---|---|---|---|---|
| 30 | 30.1.1-jre | Oct 16, 2020 | Sep 24, 2021 | 1748 days past EOL | EOL |
| 31 | 31.1-jre | Sep 24, 2021 | May 26, 2023 | 1139 days past EOL | EOL |
| 32 | 32.1.3-jre | May 26, 2023 | Dec 18, 2023 | 933 days past EOL | EOL |
| 33 | 33.6.0-jre | Dec 18, 2023 | TBD | Supported | Active |
Google Guava lifecycle status — the real story
Google Guava follows a rolling, latest-only support model: Google does not backport bug or security fixes and explicitly directs users to the newest release. In practice each major version reaches end of life the day its successor ships — 32.x ended when 33.0.0 arrived in December 2023.
The current 33.x line has been maintained since December 2023 (33.6.0 shipped April 2026). Because Guava upgrades within recent majors are usually source-compatible, staying current is cheap compared with most Java libraries — the risk concentrates in applications frozen on multi-year-old majors like 30.x and earlier, and in older Android projects pinned to the -android flavor.
Guava is also a top-ten transitive dependency across the Maven ecosystem, so an EOL Guava frequently arrives through frameworks rather than direct declaration — dependency-management overrides are the standard remediation.
What does Google Guava end of life mean for your organization?
When a version of Google Guava reaches end of life, the maintainers stop issuing security patches. Vulnerabilities discovered after this date are publicly disclosed on the National Vulnerability Database, exploit code appears on GitHub, and your systems remain permanently exposed.
The CVE blind spot: Most vulnerability scanners check for known CVEs but do not flag the accumulation of unpatched vulnerabilities in EOL software. With a zero-day, nobody knows about the vulnerability. With EOL software, the vulnerability is public — listed, rated, and often weaponized — but no patch will ever exist. This is the most dangerous gap in enterprise security posture.
Organizations running EOL Google Guava should treat it as a vulnerability class in their risk register, apply compensating controls (network segmentation, enhanced monitoring, access restriction), and prioritize migration to a supported version.
Extended Support Options
If you cannot migrate immediately, extended support vendors provide continued security patches for EOL Google Guava versions. This is a bridge, not a permanent solution — plan your migration in parallel.
We work with vetted extended support vendors. Tell us what you need and we'll connect you with the right provider.
Contact Us →