Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update commons-dbcp2 version to fix common vulnerabilities and exposures #24249

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update commons-dbcp2 version to fix common vulnerabilities and exposures #24249

wants to merge 1 commit into from

Conversation

bibith4
Copy link
Contributor

@bibith4 bibith4 commented Dec 12, 2024
edited
Loading

Description

Changes to upgrade commons-dbcp2 versions in from presto-pinot-toolkit and presto-product-tests to remove vulnerabilities.

Motivation and Context

The presto-pinot-toolkit and presto-product-tests have interdependencies with commons-dbcp2 versions 2.6.0 and 2.1, respectively, both of which contain vulnerabilities. These vulnerabilities can be removed by upgrading the commons-dbcp2 dependency to 2.12.0.

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Fix security vulnerability in presto-pinot-toolkit and presto-product-tests in response to  [CVE-2020-0287](https://nvd.nist.gov/vuln/detail/CVE-2020-0287) :pr:`24249`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Dec 12, 2024
@prestodb-ci prestodb-ci requested review from a team, ShahimSharafudeen and Dilli-Babu-Godari and removed request for a team December 12, 2024 10:11
@bibith4 bibith4 force-pushed the oss_cve_commons_dbcp2_fix branch 3 times, most recently from c37e6d4 to e79aaaf Compare December 12, 2024 14:03
@bibith4 bibith4 changed the title Changes to exclude commons-dbcp2 to remove vulnerabilities Update commons-dbcp2 version to fix common vulnerabilities and exposures Dec 13, 2024
@bibith4 bibith4 force-pushed the oss_cve_commons_dbcp2_fix branch from 18e1398 to e79aaaf Compare December 13, 2024 09:54
@bibith4
Update commons-dbcp2 version to fix common vulnerabilities and exposures
0bc5315 
 This is the commit message prestodb#2:

Update commons-dbcp2 version to fix common vulnerabilities and exposures

Update commons-dbcp2 version to fix common vulnerabilities and exposures
@bibith4 bibith4 force-pushed the oss_cve_commons_dbcp2_fix branch from f7a2c17 to 0bc5315 Compare December 13, 2024 11:17
@bibith4 bibith4 marked this pull request as ready for review December 16, 2024 08:42
@bibith4 bibith4 requested a review from a team as a code owner December 16, 2024 08:42
@bibith4 bibith4 requested a review from presto-oss December 16, 2024 08:42
@Dilli-Babu-Godari
Copy link
Contributor

@bibith4 I noticed that the latest version of commons-dbcp2 is available. Is there any issue with using that version?

@Dilli-Babu-Godari
Copy link
Contributor

@bibith4 LGTM

@bibith4
Copy link
Contributor Author

bibith4 commented Dec 16, 2024

@bibith4 I noticed that the latest version of commons-dbcp2 is available. Is there any issue with using that version?

@Dilli-Babu-Godari Recent version 2.13 was released on December 2, 2024. To ensure stability, I opted to use commons-dbcp2 version 2.12, which was released earlier on March 4, 2024

@ShahimSharafudeen
Copy link

@bibith4 LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Dilli-Babu-Godari Dilli-Babu-Godari Dilli-Babu-Godari approved these changes

@ShahimSharafudeen ShahimSharafudeen ShahimSharafudeen approved these changes

@presto-oss presto-oss Awaiting requested review from presto-oss presto-oss is a code owner automatically assigned from prestodb/committers

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
from:IBM PR from IBM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bibith4 @Dilli-Babu-Godari @ShahimSharafudeen @prestodb-ci