Andrew Kyle Purtell created PHOENIX-6439:
--------------------------------------------
Summary: Remove uses of Guava's Files#createTempDir
Key: PHOENIX-6439
URL: https://issues.apache.org/jira/browse/PHOENIX-6439
Project: Phoenix
Issue Type: Bug
Reporter: Andrew Kyle Purtell

See CVE-2020-8908. Guava's Files#createTempDir creates files that are
world-readable. Phoenix has some test code that uses this API. Chances are
eventually someone's security vulnerability scanner will ding you. Not urgent
to fix, but the fix is simple:

"We recommend migrating to the Java 7 API
java.nio.file.Files.createTempDirectory() which explicitly configures
permissions of 700, or configuring the Java runtime's java.io.tmpdir system
property to point to a location whose permissions are appropriately configured."
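The migration recommended in the quoted advisory, as an added example that is not part of the original issue or of Phoenix's code: a test helper that creates the directory with owner-only permissions through java.nio.file.Files.createTempDirectory(), verifies the result, and cleans up afterwards. The class name SecureTempDirs, its method names and the "phoenix-test-" prefix are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Set;

// Hypothetical test utility; the class and method names are assumptions, not Phoenix code.
public final class SecureTempDirs {
    private static final Set<PosixFilePermission> OWNER_ONLY =
        PosixFilePermissions.fromString("rwx------");

    // Stand-in for com.google.common.io.Files.createTempDir() that still returns a java.io.File.
    public static File createTempDir(String prefix) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            // No POSIX mode bits to set here; access depends on where java.io.tmpdir points.
            return Files.createTempDirectory(prefix).toFile();
        }
        // Request 0700 at creation time so there is no window with wider permissions.
        Path dir = Files.createTempDirectory(prefix, PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        // Verify: the umask may remove bits, but group/other bits must never be present.
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(dir);
        if (!OWNER_ONLY.containsAll(actual)) {
            Files.delete(dir);
            throw new IOException("temp dir is not owner-only: " + PosixFilePermissions.toString(actual));
        }
        return dir.toFile();
    }

    // Remove the directory tree when the test finishes (symbolic links are not followed).
    public static void deleteRecursively(Path root) throws IOException {
        Files.walkFileTree(root, new SimpleFileVisitor<Path>() {
            @Override public FileVisitResult visitFile(Path f, BasicFileAttributes a) throws IOException {
                Files.delete(f);
                return FileVisitResult.CONTINUE;
            }
            @Override public FileVisitResult postVisitDirectory(Path d, IOException e) throws IOException {
                if (e != null) throw e;
                Files.delete(d);
                return FileVisitResult.CONTINUE;
            }
        });
    }

    public static void main(String[] args) throws IOException {
        File dir = createTempDir("phoenix-test-");            // constructed sample prefix
        Files.createFile(dir.toPath().resolve("sample.txt")); // constructed sample file
        deleteRecursively(dir.toPath());
    }
}
```

Because the helper returns java.io.File, call sites that used the Guava method only need the import and method reference changed.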