Skip to content

upgrade kafka version to 3.9.1 in response to CVE-2025-27817#25312

Merged
tdcmeehan merged 1 commit intoprestodb:masterfrom
namya28:kafka-clients-vulfix
Jun 23, 2025
Merged

upgrade kafka version to 3.9.1 in response to CVE-2025-27817#25312
tdcmeehan merged 1 commit intoprestodb:masterfrom
namya28:kafka-clients-vulfix

Conversation

@namya28
Copy link
Contributor

@namya28 namya28 commented Jun 13, 2025
edited
Loading

Description

This PR is for upgrading the Kafka version to the version 3.9.1 .
This fixes CVE-2025-27817.

Motivation and Context

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Upgrade kafka to 3.9.1 in response to `CVE-2025-27817 <https://github.com/advisories/GHSA-vgq5-3255-v292>`_. :pr:`25312`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jun 13, 2025
@namya28 namya28 force-pushed the kafka-clients-vulfix branch from dc5b8b1 to d6554a2 Compare June 16, 2025 07:12
@namya28 namya28 force-pushed the kafka-clients-vulfix branch from d6554a2 to fbb2807 Compare June 16, 2025 09:08
@namya28 namya28 marked this pull request as ready for review June 16, 2025 10:58
@namya28 namya28 requested a review from a team as a code owner June 16, 2025 10:58
@namya28 namya28 requested a review from jaystarshot June 16, 2025 10:58
@prestodb-ci prestodb-ci requested review from a team, NivinCS and nishithakbhaskaran and removed request for a team June 16, 2025 10:58
@prestodb-ci
Copy link
Contributor

prestodb-ci commented Jun 17, 2025

@ethanyzhang imported this issue as lakehouse/presto #25312

NivinCS
NivinCS reviewed Jun 18, 2025
View reviewed changes
@NivinCS
Copy link
Contributor

NivinCS commented Jun 18, 2025

@namya28 , Please check and fix the CI pipeline failures

imjalpreet
imjalpreet approved these changes Jun 18, 2025
View reviewed changes
Copy link
Member

@imjalpreet imjalpreet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

nishithakbhaskaran
nishithakbhaskaran approved these changes Jun 19, 2025
View reviewed changes
Copy link
Contributor

@nishithakbhaskaran nishithakbhaskaran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix. LGTM !!

NivinCS
NivinCS approved these changes Jun 19, 2025
View reviewed changes
Copy link
Contributor

@NivinCS NivinCS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tdcmeehan tdcmeehan merged commit 61a33c8 into prestodb:master Jun 23, 2025
286 of 291 checks passed
This was referenced Jul 4, 2025
Merged
Closed
Closed
This was referenced Jul 24, 2025
Merged
Merged
@prestodb-ci prestodb-ci mentioned this pull request Jul 28, 2025
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@imjalpreet imjalpreet imjalpreet approved these changes

@tdcmeehan tdcmeehan tdcmeehan approved these changes

@nishithakbhaskaran nishithakbhaskaran nishithakbhaskaran approved these changes

@NivinCS NivinCS NivinCS approved these changes

@jaystarshot jaystarshot Awaiting requested review from jaystarshot jaystarshot is a code owner automatically assigned from prestodb/committers

Assignees

No one assigned

Labels

from:IBM PR from IBM Security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@namya28 @prestodb-ci @NivinCS @imjalpreet @tdcmeehan @nishithakbhaskaran