[NIFI-9420] Upgrade Guava in MiNiFi to 31.0.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.15.0
Fix Version/s: 1.16.0, 1.15.1
Component/s: MiNiFi
Labels:
- dependency-upgrade
- security

Description

MiNiFi depends on Guava 26.0 to support caching in the Config Service REST Resource. Although MiNiFi does not use the feature, Guava versions 30 and below have a vulnerability associated with temporary directory creation as described in CVE-2020-8908. Upgrading Guava to 31.0.1 addresses the associated vulnerability.

Attachments

Issue Links

links to

GitHub Pull Request #5556

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Nov/21 17:50

Updated:: 14/Dec/21 16:54

Resolved:: 30/Nov/21 20:08

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

0.5h