[ https://issues.apache.org/jira/browse/SUBMARINE-981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Su updated SUBMARINE-981:
-------------------------------
    Description:
Upgrade com.google.guava:guava to version 30.0-jre or later.

h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3]

low severity
*Vulnerable versions:* <= 29.0
*Patched version:* 30.0-jre

A temp directory creation vulnerability exists in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.

> Update com.google.guava:guava version
> --------------------------------------
>
>                 Key: SUBMARINE-981
>                 URL: https://issues.apache.org/jira/browse/SUBMARINE-981
>             Project: Apache Submarine
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Kevin Su
>            Priority: Minor

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
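
The two code-level mitigations named in the advisory text above, as an added example that is not part of the original message and is not Guava or Apache Submarine code. It assumes a POSIX file system; the class name, method names and the "example-" prefix are hypothetical, and the `File.mkdir()` call stands in for any directory created with default permissions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempDirPermissions {
    static final Set<PosixFilePermission> OWNER_ONLY =
        PosixFilePermissions.fromString("rwx------");

    // Default-permission pattern: File.mkdir() only applies the process umask,
    // so under a typical umask other local users can list and read the directory.
    static Path defaultPermTempDir() throws IOException {
        File dir = new File(System.getProperty("java.io.tmpdir"),
            "example-" + System.nanoTime()); // constructed name
        if (!dir.mkdir()) {
            throw new IOException("could not create " + dir);
        }
        return dir.toPath();
    }

    // Fallback mitigation: change the permissions after creation.
    // A window remains between mkdir() and this call, so write nothing before it.
    static void restrictToOwner(Path dir) throws IOException {
        Files.setPosixFilePermissions(dir, OWNER_ONLY);
    }

    // Java 7+ mitigation: NIO creates the directory with the requested mode in one step.
    static Path ownerOnlyTempDir() throws IOException {
        return Files.createTempDirectory("example-",
            PosixFilePermissions.asFileAttribute(OWNER_ONLY));
    }

    static String perms(Path p) throws IOException {
        return PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
    }

    public static void main(String[] args) throws IOException {
        Path loose = defaultPermTempDir();
        System.out.println("File.mkdir():           " + perms(loose));
        restrictToOwner(loose);
        System.out.println("after restrictToOwner(): " + perms(loose));
        Path tight = ownerOnlyTempDir();
        System.out.println("createTempDirectory():  " + perms(tight));
        Files.delete(loose);
        Files.delete(tight);
    }
}
```

Running it on a shared host shows the mode of each directory, which is a quick way to confirm what a given umask leaves exposed before and after the fix.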