This is an automated email from the ASF dual-hosted git repository.
pingsutw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git
The following commit(s) were added to refs/heads/master by this push:
new f621a32 SUBMARINE-981. Update com.google.guava:guava version
f621a32 is described below
commit f621a32379b5af8dee77d242cd2e2808db1a040d
Author: Lisa <[email protected]>
AuthorDate: Tue Aug 31 15:29:44 2021 +0800
SUBMARINE-981. Update com.google.guava:guava version
### What is this PR for?
Upgrade com.google.guava:guava to version 30.0-jre
A temp directory creation vulnerability exists in Guava versions prior to
30.0 allowing an attacker with access to the machine to potentially access data
in a temporary directory created by the Guava
com.google.common.io.Files.createTempDir(). The permissions granted to the
directory created default to the standard unix-like /tmp ones, leaving the
files open. We recommend updating Guava to version 30.0 or later, or update to
Java 7 or later, or to explicitly change the permissions afte [...]
### What type of PR is it?
[Improvement]
### Todos
* [ ] - Task
### What is the Jira issue?
https://issues.apache.org/jira/projects/SUBMARINE/issues/SUBMARINE-981
### How should this be tested?
<!--
* First time? Setup Travis CI as described on
https://submarine.apache.org/contribution/contributions.html#continuous-integration
* Strongly recommended: add automated unit tests for any new or changed
behavior
* Outline any manual steps to test the PR here.
-->
### Screenshots (if appropriate)
### Questions:
* Do the license files need updating? No
* Are there breaking changes for older versions? No
* Does this need new documentation? No
Author: Lisa <[email protected]>
Signed-off-by: Kevin <[email protected]>
Closes #734 from aeioulisa/SUBMARINE-981 and squashes the following commits:
b4e59634 [Lisa] Update com.google.guava:guava version
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 5949f09..d173543 100644
--- a/pom.xml
+++ b/pom.xml
@@ -110,7 +110,7 @@
<jsr305.version>1.3.9</jsr305.version>
<mockito.version>2.23.4</mockito.version>
<powermock.version>1.6.4</powermock.version>
- <guava.version>22.0</guava.version>
+ <guava.version>30.0-jre</guava.version>
<testng.version>6.4</testng.version>
<avro.version>1.8.2</avro.version>
<httpclient.version>4.5.2</httpclient.version>
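Review bot: The default `<guava.version>` moves from 22.0 to 30.0-jre, a jump of eight major Guava releases, while the description answers "Are there breaking changes for older versions? No" and leaves "How should this be tested?" as the empty template. Guava removes deprecated APIs across major versions, so please state which build and test run was done against 30.0-jre (a full build of all modules with their unit tests would be enough) before this is merged.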
@@ -351,7 +351,7 @@
<guice-servlet.version>4.0</guice-servlet.version>
<guice.version>4.0</guice.version>
<zookeeper.version>3.4.13</zookeeper.version>
- <guava.version>27.0-jre</guava.version>
+ <guava.version>30.0-jre</guava.version>
<jsr305.version>3.0.2</jsr305.version>
<profile-id>hadoop-3.2</profile-id>
</properties>
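Review bot: In the `hadoop-3.2` profile, `<guava.version>30.0-jre</guava.version>` is now identical to the default property set in the first hunk, so the override no longer changes anything. The profile previously pinned 27.0-jre while the default was 22.0, which suggests the pin was chosen deliberately for this profile; either confirm that 30.0-jre works with the profile's dependencies and drop the redundant line so the version is defined in one place, or keep it and add a comment explaining the pin. It is also worth checking whether any other profile in this pom overrides `guava.version`, since this patch updates only these two definitions.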