[SUBMARINE-981] Update com.google.guava:guava version - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.6.0
Component/s: Commons
Labels:
- pull-request-available

Target Version:

0.6.0

Description

Upgrade com.google.guava:guava to version 30.0-jre or later.

CVE-2020-8908

low severity
Vulnerable versions: <= 29.0
Patched version: 30.0-jre
A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.

Attachments

Issue Links

links to

GitHub Pull Request #734

Activity

People

Assignee:: Lisa Chang

Reporter:: Kevin Su

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 15/Aug/21 15:19

Updated:: 01/Sep/21 09:22

Resolved:: 31/Aug/21 19:56