[
https://issues.apache.org/jira/browse/SUBMARINE-981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated SUBMARINE-981:
-------------------------------------
Labels: pull-request-available (was: )
> Update com.google.guava:guava version
> --------------------------------------
>
> Key: SUBMARINE-981
> URL: https://issues.apache.org/jira/browse/SUBMARINE-981
> Project: Apache Submarine
> Issue Type: Improvement
> Components: Commons
> Reporter: Kevin Su
> Assignee: Lisa Chang
> Priority: Minor
> Labels: pull-request-available
>
> Upgrade com.google.guava:guava to version 30.0-jre or later.
> h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3]
> low severity
> *Vulnerable versions:* <= 29.0
> *Patched version:* 30.0-jre
> A temp directory creation vulnerability exist in Guava versions prior to
> 30.0 allowing an attacker with access to the machine to potentially access
> data in a temporary directory created by the Guava
> com.google.common.io.Files.createTempDir(). The permissions granted to the
> directory created default to the standard unix-like /tmp ones, leaving the
> files open. We recommend updating Guava to version 30.0 or later, or update
> to Java 7 or later, or to explicitly change the permissions after the
> creation of the directory if neither are possible.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@submarine.apache.org
For additional commands, e-mail: dev-h...@submarine.apache.org
