[
https://issues.apache.org/jira/browse/IMPALA-12767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riza Suminto resolved IMPALA-12767.
-----------------------------------
Fix Version/s: Impala 4.4.0
Resolution: Fixed
> Upgrade Guava to 32.0.1 due to CVE-2023-2976
> ---------------------------------------------
>
> Key: IMPALA-12767
> URL: https://issues.apache.org/jira/browse/IMPALA-12767
> Project: IMPALA
> Issue Type: Task
> Components: Frontend
> Reporter: Riza Suminto
> Assignee: Riza Suminto
> Priority: Critical
> Fix For: Impala 4.4.0
>
>
> {quote}Use of Java's default temporary directory for file creation in
> `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems
> and Android Ice Cream Sandwich allows other users and apps on the machine
> with access to the default Java temporary directory to be able to access the
> files created by the class. Even though the security vulnerability is fixed
> in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks
> some functionality under Windows.
> {quote}
> [https://nvd.nist.gov/vuln/detail/CVE-2023-2976]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
