Skip to content

Comments

Upgraded spring boot maven plugin and spring core version to resolve multiple CVE#21528

Merged
tdcmeehan merged 1 commit intoprestodb:masterfrom
anilsomisetty:vulnerability_fixes
Dec 15, 2023
Merged

Upgraded spring boot maven plugin and spring core version to resolve multiple CVE#21528
tdcmeehan merged 1 commit intoprestodb:masterfrom
anilsomisetty:vulnerability_fixes

Conversation

@anilsomisetty
Copy link
Contributor

@anilsomisetty anilsomisetty commented Dec 13, 2023
edited
Loading

Description

This PR fixes the issue #21527

Motivation and Context

Impact

Test Plan

I have ran the presto-benchto-benchmarks module test cases after upgrading the dependency versions and all tests are passed.

Contributor checklist

  • Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== NO RELEASE NOTE ==

@anilsomisetty anilsomisetty requested a review from a team as a code owner December 13, 2023 08:30
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Dec 13, 2023
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: anilsomisetty / name: Anil Gupta Somisetty (e37acd7)

tdcmeehan
tdcmeehan requested changes Dec 15, 2023
View reviewed changes
Copy link
Contributor

@tdcmeehan tdcmeehan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM % add some comments so we understand why we need to do this. Ideally, we would migrate the dependency to something we own and can fix directly.

@tdcmeehan tdcmeehan self-assigned this Dec 15, 2023
tdcmeehan
tdcmeehan approved these changes Dec 15, 2023
View reviewed changes
Copy link
Contributor

@tdcmeehan tdcmeehan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM--thanks for fixing these CVEs!

@tdcmeehan tdcmeehan linked an issue Dec 15, 2023 that may be closed by this pull request
Security vulnerabilities issues with spring boot maven plugin and spring core #21527
Closed
@tdcmeehan tdcmeehan merged commit 63be8b4 into prestodb:master Dec 15, 2023
This was referenced Jan 17, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdcmeehan tdcmeehan tdcmeehan approved these changes

@presto-oss presto-oss Awaiting requested review from presto-oss presto-oss is a code owner automatically assigned from prestodb/committers

Assignees

@tdcmeehan tdcmeehan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Security vulnerabilities issues with spring boot maven plugin and spring core

2 participants

@anilsomisetty @tdcmeehan