Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Address vulnerabilities reported by Snyk #43

Closed
sergei-ivanov opened this issue Sep 23, 2018 · 0 comments
Closed

Address vulnerabilities reported by Snyk #43

sergei-ivanov opened this issue Sep 23, 2018 · 0 comments
Assignees
Milestone

Comments

@sergei-ivanov
Copy link
Member

@sergei-ivanov sergei-ivanov commented Sep 23, 2018

Is your feature request related to a problem? Please describe.
Snyk reports a vulnerability in the Guava library, and also the plugin code is affected by Zip Slip vulnerability.

Describe the solution you'd like
Currently it is impossible to upgrade Guava because of a Java version lock-in. Since there's only minimal use for it in the project, it makes more sense to root it out.
Zip Slip requires a small code change.

Describe alternatives you've considered
N/A

Additional context
For more information, please see:
https://snyk.io/test/github/xolstice/protobuf-maven-plugin
https://snyk.io/research/zip-slip-vulnerability

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant