Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade zookeeper version to remove vulnerabilities(Do not Review) #24416

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Upgrade zookeeper version to remove vulnerabilities(Do not Review) #24416

wants to merge 1 commit into from

Conversation

bibith4
Copy link
Contributor

@bibith4 bibith4 commented Jan 22, 2025
edited
Loading

Description

Changes to upgrade zookeeper versions to 3.9.3 to remove vulnerabilities

Motivation and Context

The presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi have interdependencies with zookeeper version 3.4.14, which contain vulnerabilities. These vulnerabilities can be removed by upgrading the zookeeper dependency to 3.9.3

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Fix security vulnerability in presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi  in response to `CVE-2023-44981 <https://nvd.nist.gov/vuln/detail/cve-2023-44981>`_. :pr:`24416`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jan 22, 2025
@prestodb-ci prestodb-ci requested review from a team, wanglinsong and pratyakshsharma and removed request for a team January 22, 2025 07:06
@steveburnett
Copy link
Contributor

Thanks for the release note! Suggest adding a little description of the work done in the PR ("Upgrade zookeeper to 3.9.3") that results in fixing the security vulnerabilities.

== RELEASE NOTES ==

Security Changes
* Upgrade zookeeper to 3.9.3 to fix security vulnerability in presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi  in response to `CVE-2023-44981 <https://nvd.nist.gov/vuln/detail/cve-2023-44981>`_. :pr:`24416`

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wanglinsong wanglinsong Awaiting requested review from wanglinsong wanglinsong was automatically assigned from prestodb/ibm-reviewers

@pratyakshsharma pratyakshsharma Awaiting requested review from pratyakshsharma pratyakshsharma was automatically assigned from prestodb/ibm-reviewers

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
from:IBM PR from IBM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bibith4 @steveburnett @prestodb-ci