Akshay Kotecha Jain created KNOX-2583:
-----------------------------------------
Summary: Upgrade guava to v30.0
Key: KNOX-2583
URL: https://issues.apache.org/jira/browse/KNOX-2583
Project: Apache Knox
Issue Type: Improvement
Reporter: Akshay Kotecha Jain
A temp directory creation vulnerability exists in all versions of Guava,
allowing an attacker with access to the machine to potentially access data in a
temporary directory created by the Guava API
com.google.common.io.Files.createTempDir(). By default, on unix-like systems,
the created directory is world-readable (readable by an attacker with access to
the system). The method in question has been marked @Deprecated in versions
30.0 and later and should not be used. Maybe, an update to guava seems ideal at
this point.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
