CVE-2020-8908 guava: local information disclosure via temporary directory created with unsafe permissions #3494

commit: fd8926904a5f17492ad9889a020afdaa786163b2 [log] [tgz]
author: Peter Palaga <ppalaga@redhat.com> Wed Jan 26 21:43:15 2022 +0100
committer: Peter Palaga <ppalaga@redhat.com> Thu Jan 27 15:50:03 2022 +0000
tree: e339697136c20dc8840ad7aa8be2f593aa2dede1
parent: 2d647fbc4b60b6f3254ecdfc08222a59a6880d26 [diff]
diff --git a/pom.xml b/pom.xml
index 8f68ab6..80ab4a3 100644
--- a/pom.xml
+++ b/pom.xml

@@ -76,7 +76,7 @@
         <freemarker.version>2.3.31</freemarker.version><!-- @sync io.quarkiverse.freemarker:quarkus-freemarker-parent:${quarkiverse.freemarker.version} prop:freemarker.version -->
         <fommil.netlib.core.version>1.1.2</fommil.netlib.core.version><!-- Mess in Weka transitive deps -->
         <github-api.version>1.111</github-api.version><!-- Used in a Groovy script bellow -->
-        <guava.version>29.0-jre</guava.version>
+        <guava.version>30.1.1-jre</guava.version><!-- @sync io.quarkus:quarkus-bootstrap-bom:${quarkus.version} prop:guava.version -->
         <graalvm.version>21.3.0</graalvm.version><!-- @sync io.quarkus:quarkus-bom:${quarkus.version} dep:org.graalvm.nativeimage:svm -->
         <grpc.version>1.38.1</grpc.version><!-- @sync io.quarkus:quarkus-bom:${quarkus.version} dep:io.grpc:grpc-core -->
         <gson.version>2.8.6</gson.version><!-- @sync com.ibm.jsonata4java:JSONata4Java:${jsonata4java-version} dep:com.google.code.gson:gson -->
commit	fd8926904a5f17492ad9889a020afdaa786163b2	[log] [tgz]
author	Peter Palaga <ppalaga@redhat.com>	Wed Jan 26 21:43:15 2022 +0100
committer	Peter Palaga <ppalaga@redhat.com>	Thu Jan 27 15:50:03 2022 +0000
tree	e339697136c20dc8840ad7aa8be2f593aa2dede1
parent	2d647fbc4b60b6f3254ecdfc08222a59a6880d26 [diff]