New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Address vulnerabilities reported by Snyk #43

Closed
sergei-ivanov opened this Issue Sep 23, 2018 · 0 comments

Comments

1 participant
@sergei-ivanov
Copy link
Member

sergei-ivanov commented Sep 23, 2018

Is your feature request related to a problem? Please describe.
Snyk reports a vulnerability in the Guava library, and also the plugin code is affected by Zip Slip vulnerability.

Describe the solution you'd like
Currently it is impossible to upgrade Guava because of a Java version lock-in. Since there's only minimal use for it in the project, it makes more sense to root it out.
Zip Slip requires a small code change.

Describe alternatives you've considered
N/A

Additional context
For more information, please see:
https://snyk.io/test/github/xolstice/protobuf-maven-plugin
https://snyk.io/research/zip-slip-vulnerability

@sergei-ivanov sergei-ivanov self-assigned this Sep 23, 2018

@sergei-ivanov sergei-ivanov added this to the 0.6 milestone Sep 23, 2018

@sergei-ivanov sergei-ivanov removed the 4 - Done label Oct 1, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment