Kevin Su created SUBMARINE-981: ---------------------------------- Summary: Update com.google.guava:guava version Key: SUBMARINE-981 URL: https://issues.apache.org/jira/browse/SUBMARINE-981 Project: Apache Submarine Issue Type: Improvement Components: Commons Reporter: Kevin Su
Upgrade com.google.guava:guava to version 30.0-jre or later. h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3] low severity *Vulnerable versions:* <= 29.0 *Patched version:* 30.0-jre A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@submarine.apache.org For additional commands, e-mail: dev-h...@submarine.apache.org