[ https://issues.apache.org/jira/browse/SUBMARINE-981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ASF GitHub Bot updated SUBMARINE-981: ------------------------------------- Labels: pull-request-available (was: ) > Update com.google.guava:guava version > -------------------------------------- > > Key: SUBMARINE-981 > URL: https://issues.apache.org/jira/browse/SUBMARINE-981 > Project: Apache Submarine > Issue Type: Improvement > Components: Commons > Reporter: Kevin Su > Assignee: Lisa Chang > Priority: Minor > Labels: pull-request-available > > Upgrade com.google.guava:guava to version 30.0-jre or later. > h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3] > low severity > *Vulnerable versions:* <= 29.0 > *Patched version:* 30.0-jre > A temp directory creation vulnerability exist in Guava versions prior to > 30.0 allowing an attacker with access to the machine to potentially access > data in a temporary directory created by the Guava > com.google.common.io.Files.createTempDir(). The permissions granted to the > directory created default to the standard unix-like /tmp ones, leaving the > files open. We recommend updating Guava to version 30.0 or later, or update > to Java 7 or later, or to explicitly change the permissions after the > creation of the directory if neither are possible. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@submarine.apache.org For additional commands, e-mail: dev-h...@submarine.apache.org