You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@submarine.apache.org by "Kevin Su (Jira)" <ji...@apache.org> on 2021/08/15 15:20:00 UTC

[jira] [Created] (SUBMARINE-981) Update com.google.guava:guava version

Kevin Su created SUBMARINE-981:
----------------------------------

             Summary: Update com.google.guava:guava version 
                 Key: SUBMARINE-981
                 URL: https://issues.apache.org/jira/browse/SUBMARINE-981
             Project: Apache Submarine
          Issue Type: Improvement
          Components: Commons
            Reporter: Kevin Su


Upgrade com.google.guava:guava to version 30.0-jre or later.

 
h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3]
low severity
*Vulnerable versions:* <= 29.0
*Patched version:* 30.0-jre
A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.

 

 
 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@submarine.apache.org
For additional commands, e-mail: dev-help@submarine.apache.org