Skip to content

Comments

Upgraded spring boot maven plugin and spring core version to resolve multiple CVE#21528

Merged
tdcmeehan merged 1 commit intoprestodb:masterfrom
anilsomisetty:vulnerability_fixes
Dec 15, 2023
Merged

Upgraded spring boot maven plugin and spring core version to resolve multiple CVE#21528
tdcmeehan merged 1 commit intoprestodb:masterfrom
anilsomisetty:vulnerability_fixes

Conversation

@anilsomisetty
Copy link
Contributor

@anilsomisetty anilsomisetty commented Dec 13, 2023

Description

This PR fixes the issue #21527

Motivation and Context

Impact

Test Plan

I have ran the presto-benchto-benchmarks module test cases after upgrading the dependency versions and all tests are passed.

Contributor checklist

  • Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== NO RELEASE NOTE ==

@anilsomisetty anilsomisetty requested a review from a team as a code owner December 13, 2023 08:30
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Dec 13, 2023

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: anilsomisetty / name: Anil Gupta Somisetty (e37acd7)

Copy link
Contributor

@tdcmeehan tdcmeehan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM % add some comments so we understand why we need to do this. Ideally, we would migrate the dependency to something we own and can fix directly.

@tdcmeehan tdcmeehan self-assigned this Dec 15, 2023
Copy link
Contributor

@tdcmeehan tdcmeehan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM--thanks for fixing these CVEs!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Security vulnerabilities issues with spring boot maven plugin and spring core

2 participants