@sumi-mathew sumi-mathew commented Jan 31, 2025

Description

Upgrade the org.apache.commons:commons-text dependency from version 1.10.0 to 1.13.0 to avoid CVE issues.
As part of this, upgraded commons.lang3 - 3.14.0 to 3.17.0.

Motivation and Context

Upgrading the org.apache.commons:commons-text dependency from version 1.10.0 to 1.13.0 to reduce the risk of introducing new security flaws.

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security
* Upgrade commons-text to 1.13.0 in response to `CVE-2024-47554 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47554>`_.


@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jan 31, 2025
linux-foundation-easycla bot commented Jan 31, 2025

CLA Signed

The committers listed above are authorized under a signed CLA.

@sumi-mathew sumi-mathew force-pushed the jar-upgarde-common-txt branch from 492b7a2 to f26d4d7 Compare January 31, 2025 06:47
@sumi-mathew sumi-mathew marked this pull request as ready for review January 31, 2025 08:36
@sumi-mathew sumi-mathew requested a review from a team as a code owner January 31, 2025 08:36
@sumi-mathew sumi-mathew force-pushed the jar-upgarde-common-txt branch 2 times, most recently from dc51f16 to 18045ac Compare February 3, 2025 06:04
Member

@agrawalreetika agrawalreetika left a comment

Please update the commit message to something like -

Upgrade commons-text dependency to address <CVE-Link>

@sumi-mathew sumi-mathew force-pushed the jar-upgarde-common-txt branch from 18045ac to cc76355 Compare February 3, 2025 11:03
@steveburnett
Contributor

New release note guidelines as of last week: PR #24354 automatically adds links to this PR to the release notes. Please remove the manual PR link in the following format from the release note entries for this PR.

:pr:`12345`

I have updated the Release Notes Guidelines to remove the examples of manually adding the PR link.

@sumi-mathew
Contributor Author

> New release note guidelines as of last week: PR #24354 automatically adds links to this PR to the release notes. Please remove the manual PR link in the following format from the release note entries for this PR.
>
> :pr:`12345`
>
> I have updated the Release Notes Guidelines to remove the examples of manually adding the PR link.

Addressed the comment

@agrawalreetika
Member

@sumi-mathew The current commit message is long and doesn't follow the commit guidelines - https://github.com/prestodb/presto/blob/master/CONTRIBUTING.md#commit-message-style

@sumi-mathew sumi-mathew force-pushed the jar-upgarde-common-txt branch from cc76355 to 50d8890 Compare February 3, 2025 16:50
@tdcmeehan tdcmeehan merged commit 8789cd9 into prestodb:master Feb 7, 2025
54 checks passed
jp-sivaprasad pushed a commit to jp-sivaprasad/presto that referenced this pull request Mar 10, 2025
@prestodb-ci prestodb-ci mentioned this pull request Mar 28, 2025
30 tasks
@prestodb-ci prestodb-ci requested review from a team and removed request for a team April 3, 2025 04:08