Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade org.apache.ratis dependency to address CVE-2020-15250 #24496

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Upgrade org.apache.ratis dependency to address CVE-2020-15250 #24496

wants to merge 1 commit into from

Conversation

sumi-mathew
Copy link
Contributor

@sumi-mathew sumi-mathew commented Feb 5, 2025
edited
Loading

Description

Upgrade the org.apache.ratis dependency from version 2.2.0 to 3.1.3 to avoiding CVE issues.

CVE-2020-15250

Motivation and Context

Upgrading the org.apache.ratis dependency from version 2.2.0 to 3.1.3 to to reduce the risk of introducing new security flaws

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Upgrade org.apache.ratis  to 3.1.3 in response to `CVE-2020-15250<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250>`_.

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Feb 5, 2025
@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Feb 5, 2025
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@sumi-mathew sumi-mathew force-pushed the ratis_jar_upgarde branch 3 times, most recently from 7436c6d to 3bb7961 Compare February 5, 2025 07:35
@sumi-mathew sumi-mathew changed the title Upgrade org.apache.ratis dependency to address CVE-2022-23307 Upgrade org.apache.ratis dependency to address CVE-2020-15250 Feb 11, 2025
@sumi-mathew sumi-mathew marked this pull request as ready for review February 11, 2025 11:46
jaystarshot
jaystarshot reviewed Feb 11, 2025
View reviewed changes
imjalpreet
imjalpreet reviewed Feb 11, 2025
View reviewed changes
@sumi-mathew sumi-mathew force-pushed the ratis_jar_upgarde branch 3 times, most recently from e77d3f9 to e9a1071 Compare February 12, 2025 11:55
imjalpreet
imjalpreet requested changes Feb 12, 2025
View reviewed changes
@steveburnett
Copy link
Contributor

Thanks for the release note! Just one nit.

== RELEASE NOTES ==

Security Changes
* Upgrade org.apache.ratis  to 3.1.3 in response to `CVE-2020-15250<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250>`_.

@sumi-mathew sumi-mathew force-pushed the ratis_jar_upgarde branch 2 times, most recently from 0d938db to c8d52ee Compare February 13, 2025 04:42
imjalpreet
imjalpreet reviewed Feb 13, 2025
View reviewed changes
Copy link
Member

@imjalpreet imjalpreet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just a minor nit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaystarshot jaystarshot jaystarshot approved these changes

@feilong-liu feilong-liu Awaiting requested review from feilong-liu feilong-liu is a code owner

@elharo elharo Awaiting requested review from elharo elharo is a code owner

@ClarenceThreepwood ClarenceThreepwood Awaiting requested review from ClarenceThreepwood ClarenceThreepwood is a code owner

@presto-oss presto-oss Awaiting requested review from presto-oss presto-oss is a code owner automatically assigned from prestodb/committers

@imjalpreet imjalpreet Awaiting requested review from imjalpreet

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
from:IBM PR from IBM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sumi-mathew @steveburnett @imjalpreet @jaystarshot @prestodb-ci