From fd9be630bee80ab650a440ac6a102f8730c63093 Mon Sep 17 00:00:00 2001
From: MariamAlmesfer <Mariamalmesfer22@gmail.com>
Date: Mon, 30 Sep 2024 17:28:58 +0300
Subject: [PATCH] Upgrade Jackson & its dependencies to resolve CVEs If
 applied, this will: Upgrade Jackson Core, Databind, and other dependencies to
 version 2.15.4. Address security vulnerabilities, including PRISMA-2023-0067.

---
 pom.xml                                       | 40 ++++++++++++++++++-
 presto-bigquery/pom.xml                       |  1 +
 presto-hudi/pom.xml                           |  1 -
 presto-iceberg/pom.xml                        |  1 -
 .../spi/MaterializedViewDefinition.java       |  2 +-
 5 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index ea9e9d566815..9428af89d47f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -77,7 +77,7 @@
         <dep.ratis.version>2.2.0</dep.ratis.version>
         <dep.errorprone.version>2.18.0</dep.errorprone.version>
         <dep.guava.version>32.1.0-jre</dep.guava.version>
-        <dep.jackson.version>2.11.0</dep.jackson.version>
+        <dep.jackson.version>2.15.4</dep.jackson.version>
         <dep.j2objc.version>2.8</dep.j2objc.version>
         <dep.avro.version>1.11.4</dep.avro.version>
         <dep.commons.compress.version>1.26.2</dep.commons.compress.version>
@@ -798,6 +798,36 @@
                 <version>${dep.jackson.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-core</artifactId>
+                <version>${dep.jackson.version}</version>
+            </dependency>
+
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-annotations</artifactId>
+                <version>${dep.jackson.version}</version>
+            </dependency>
+
+            <dependency>
+                <groupId>com.fasterxml.jackson.dataformat</groupId>
+                <artifactId>jackson-dataformat-smile</artifactId>
+                <version>${dep.jackson.version}</version>
+            </dependency>
+
+            <dependency>
+                <groupId>com.fasterxml.jackson.dataformat</groupId>
+                <artifactId>jackson-dataformat-yaml</artifactId>
+                <version>${dep.jackson.version}</version>
+            </dependency>
+
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-databind</artifactId>
+                <version>${dep.jackson.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>com.jayway.jsonpath</groupId>
                 <artifactId>json-path</artifactId>
@@ -2277,6 +2307,14 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-enforcer-plugin</artifactId>
+                    <version>3.3.0</version>
+                    <dependencies>
+                        <dependency>
+                            <groupId>org.codehaus.mojo</groupId>
+                            <artifactId>extra-enforcer-rules</artifactId>
+                            <version>1.6.2</version>
+                        </dependency>
+                    </dependencies>
                     <configuration>
                         <rules>
                             <requireUpperBoundDeps>
diff --git a/presto-bigquery/pom.xml b/presto-bigquery/pom.xml
index 81f83280d064..4622d9dc8b73 100644
--- a/presto-bigquery/pom.xml
+++ b/presto-bigquery/pom.xml
@@ -353,6 +353,7 @@
                                 <exclude>com.fasterxml.jackson.core:jackson-core</exclude>
                                 <exclude>javax.annotation:javax.annotation-api</exclude>
                                 <exclude>com.fasterxml.jackson.core:jackson-databind</exclude>
+                                <exclude>com.google.api.grpc:proto-google-common-protos</exclude>
                             </excludes>
                         </requireUpperBoundDeps>
                     </rules>
diff --git a/presto-hudi/pom.xml b/presto-hudi/pom.xml
index a8206b4fdd5b..4cc363a9f6e4 100644
--- a/presto-hudi/pom.xml
+++ b/presto-hudi/pom.xml
@@ -217,7 +217,6 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
-            <version>2.10.2</version>
             <scope>provided</scope>
         </dependency>
 
diff --git a/presto-iceberg/pom.xml b/presto-iceberg/pom.xml
index 9287d6640631..7372a8956f93 100644
--- a/presto-iceberg/pom.xml
+++ b/presto-iceberg/pom.xml
@@ -459,7 +459,6 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
-            <version>2.10.2</version>
             <scope>provided</scope>
         </dependency>
 
diff --git a/presto-spi/src/main/java/com/facebook/presto/spi/MaterializedViewDefinition.java b/presto-spi/src/main/java/com/facebook/presto/spi/MaterializedViewDefinition.java
index b5762854f727..647701204784 100644
--- a/presto-spi/src/main/java/com/facebook/presto/spi/MaterializedViewDefinition.java
+++ b/presto-spi/src/main/java/com/facebook/presto/spi/MaterializedViewDefinition.java
@@ -270,7 +270,7 @@ public String getColumnName()
             return columnName;
         }
 
-        @JsonProperty
+        @JsonProperty(value = "isDirectMapped")
         public Optional<Boolean> isDirectMapped()
         {
             return isDirectMapped;