You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@submarine.apache.org by GitBox <gi...@apache.org> on 2021/08/31 08:09:05 UTC

[GitHub] [submarine] aeioulisa opened a new pull request #734: SUBMARINE-981. Update com.google.guava:guava version

aeioulisa opened a new pull request #734:
URL: https://github.com/apache/submarine/pull/734


   ### What is this PR for?
   Upgrade com.google.guava:guava to version 30.0-jre
   
   A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.
   
   ### What type of PR is it?
   [Improvement]
   
   ### Todos
   * [ ] - Task
   
   ### What is the Jira issue?
   https://issues.apache.org/jira/projects/SUBMARINE/issues/SUBMARINE-981
   
   ### How should this be tested?
   <!--
   * First time? Setup Travis CI as described on https://submarine.apache.org/contribution/contributions.html#continuous-integration
   * Strongly recommended: add automated unit tests for any new or changed behavior
   * Outline any manual steps to test the PR here.
   -->
   ### Screenshots (if appropriate)
   
   ### Questions:
   * Do the license files need updating? No
   * Are there breaking changes for older versions? No
   * Does this need new documentation? No
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@submarine.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [submarine] asfgit closed pull request #734: SUBMARINE-981. Update com.google.guava:guava version

Posted by GitBox <gi...@apache.org>.
asfgit closed pull request #734:
URL: https://github.com/apache/submarine/pull/734


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@submarine.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [submarine] asfgit closed pull request #734: SUBMARINE-981. Update com.google.guava:guava version

Posted by GitBox <gi...@apache.org>.
asfgit closed pull request #734:
URL: https://github.com/apache/submarine/pull/734


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@submarine.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org