[
https://issues.apache.org/jira/browse/SUBMARINE-981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Su resolved SUBMARINE-981.
--------------------------------
Fix Version/s: 0.6.0
Resolution: Fixed
Issue resolved by pull request 734
[https://github.com/apache/submarine/pull/734]
> Update com.google.guava:guava version
> --------------------------------------
>
> Key: SUBMARINE-981
> URL: https://issues.apache.org/jira/browse/SUBMARINE-981
> Project: Apache Submarine
> Issue Type: Improvement
> Components: Commons
> Reporter: Kevin Su
> Assignee: Lisa Chang
> Priority: Minor
> Labels: pull-request-available
> Fix For: 0.6.0
>
>
> Upgrade com.google.guava:guava to version 30.0-jre or later.
> h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3]
> low severity
> *Vulnerable versions:* <= 29.0
> *Patched version:* 30.0-jre
> A temp directory creation vulnerability exist in Guava versions prior to
> 30.0 allowing an attacker with access to the machine to potentially access
> data in a temporary directory created by the Guava
> com.google.common.io.Files.createTempDir(). The permissions granted to the
> directory created default to the standard unix-like /tmp ones, leaving the
> files open. We recommend updating Guava to version 30.0 or later, or update
> to Java 7 or later, or to explicitly change the permissions after the
> creation of the directory if neither are possible.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
