[
https://issues.apache.org/jira/browse/PHOENIX-6439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Istvan Toth resolved PHOENIX-6439.
----------------------------------
Resolution: Duplicate
Closing this one, as PHOENIX-6576 already has a PR.
> Remove uses of Guava's Files#createTempDir
> ------------------------------------------
>
> Key: PHOENIX-6439
> URL: https://issues.apache.org/jira/browse/PHOENIX-6439
> Project: Phoenix
> Issue Type: Bug
> Reporter: Andrew Kyle Purtell
> Priority: Minor
> Labels: beginner
>
> See CVE-2020-8908. Guava's Files#createTempDir creates files that are
> world-readable. Phoenix has some test code that uses this API. Chances are
> eventually someone's security vulnerability scanner will ding you. Not urgent
> to fix, but the fix is simple:
> "We recommend migrating to the Java 7 API
> java.nio.file.Files.createTempDirectory() which explicitly configures
> permissions of 700, or configuring the Java runtime's java.io.tmpdir system
> property to point to a location whose permissions are appropriately
> configured."
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
