hsuk04 opened a new pull request, #4615:
URL: https://github.com/apache/bookkeeper/pull/4615

   Descriptions of the changes in this PR:
   
   This PR modernizes the createTempDir method in IOUtils.java and eliminates a potential race condition/directory hijacking vulnerability by using a safer, atomic method Files.createTempDirectory() introduced in Java 7 (NIO).
   This was also done here:
   
https://github.com/openkm/document-management-system/commit/c069e4d73ab8864345c25119d8459495f45453e1
   
https://github.com/samtools/htsjdk/commit/269ba3fa507b9bab2dce54bf786d46b575db5527
   
   ### Motivation
   
   The existing implementation of createTempDir in IOUtils.java uses an outdated pattern involving File.createTempFile() followed by delete() and mkdir(). This sequence is potentially vulnerable to a race condition (CWE-379) which can lead to temporary directory hijacking or information disclosure.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
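
The createTempFile()/delete()/mkdir() sequence named in the pull request, next to the Files.createTempDirectory() replacement, as an added example that is not BookKeeper's code or the PR's diff. The class name, method names and the "example" prefix are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical class for illustration; not the IOUtils.java changed by the PR.
public class TempDirExample {

    // Legacy pattern: three separate filesystem operations in the shared temp directory.
    static File createTempDirLegacy(String prefix, String suffix) throws IOException {
        File tmp = File.createTempFile(prefix, suffix); // reserves a unique name as a file
        if (!tmp.delete()) {                            // the name is released here
            throw new IOException("Could not delete " + tmp);
        }
        // Between delete() and mkdir() nothing holds the name, so another local
        // process can create the path first. Ignoring mkdir()'s result would leave
        // the caller working in a directory it did not create.
        if (!tmp.mkdir()) {
            throw new IOException("Could not create " + tmp);
        }
        return tmp; // permissions are whatever the process umask allows
    }

    // Replacement: name selection and directory creation happen in one call,
    // which never reuses a path that already exists.
    static File createTempDirSafe(String prefix) throws IOException {
        Path dir = Files.createTempDirectory(prefix);
        return dir.toFile();
    }

    public static void main(String[] args) throws IOException {
        File legacy = createTempDirLegacy("example", ".tmp"); // constructed sample prefix
        File safe = createTempDirSafe("example");
        boolean posix = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
        for (File dir : new File[] {legacy, safe}) {
            String perms = posix
                    ? Files.getPosixFilePermissions(dir.toPath()).toString()
                    : "(non-POSIX file system)";
            System.out.println(dir + " -> " + perms);
            Files.delete(dir.toPath());
        }
    }
}
```

On POSIX file systems the second directory is created with owner-only permissions, while the first depends on the process umask.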
