From f960752c0075c2be57e951284e42146351d7879d Mon Sep 17 00:00:00 2001 From: Mariam Almesfer Date: Tue, 7 Oct 2025 14:33:07 +0300 Subject: [PATCH] Fix CVE-2025-48924: Upgrade calcite-core in presto-pinot Replaced the vulnerable commons-lang dependency with the updated commons-lang3 version in presto-accumulo --- presto-accumulo/pom.xml | 6 ------ .../java/com/facebook/presto/accumulo/index/Indexer.java | 2 +- .../facebook/presto/accumulo/io/AccumuloRecordCursor.java | 2 +- .../main/java/com/facebook/presto/accumulo/model/Row.java | 2 +- presto-pinot-toolkit/pom.xml | 2 +- 5 files changed, 4 insertions(+), 10 deletions(-) diff --git a/presto-accumulo/pom.xml b/presto-accumulo/pom.xml index 0b21198df50bf..882bd665d6da1 100644 --- a/presto-accumulo/pom.xml +++ b/presto-accumulo/pom.xml @@ -232,12 +232,6 @@ guice - - commons-lang - commons-lang - 2.6 - - org.apache.commons commons-lang3 diff --git a/presto-accumulo/src/main/java/com/facebook/presto/accumulo/index/Indexer.java b/presto-accumulo/src/main/java/com/facebook/presto/accumulo/index/Indexer.java index 9ff5a6216cac4..3d3e0215fd35e 100644 --- a/presto-accumulo/src/main/java/com/facebook/presto/accumulo/index/Indexer.java +++ b/presto-accumulo/src/main/java/com/facebook/presto/accumulo/index/Indexer.java @@ -46,7 +46,7 @@ import org.apache.accumulo.core.iterators.user.SummingCombiner; import org.apache.accumulo.core.security.Authorizations; import org.apache.accumulo.core.security.ColumnVisibility; -import org.apache.commons.lang.ArrayUtils; +import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.tuple.Pair; import org.apache.hadoop.io.Text; diff --git a/presto-accumulo/src/main/java/com/facebook/presto/accumulo/io/AccumuloRecordCursor.java b/presto-accumulo/src/main/java/com/facebook/presto/accumulo/io/AccumuloRecordCursor.java index 39fbf440dc975..4ca2e9a250ea1 100644 --- a/presto-accumulo/src/main/java/com/facebook/presto/accumulo/io/AccumuloRecordCursor.java +++ b/presto-accumulo/src/main/java/com/facebook/presto/accumulo/io/AccumuloRecordCursor.java @@ -30,7 +30,7 @@ import org.apache.accumulo.core.data.Value; import org.apache.accumulo.core.iterators.FirstEntryInRowIterator; import org.apache.accumulo.core.iterators.user.WholeRowIterator; -import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang3.StringUtils; import org.apache.hadoop.io.Text; import java.io.IOException; diff --git a/presto-accumulo/src/main/java/com/facebook/presto/accumulo/model/Row.java b/presto-accumulo/src/main/java/com/facebook/presto/accumulo/model/Row.java index 893ba72b64526..bcec391eb259b 100644 --- a/presto-accumulo/src/main/java/com/facebook/presto/accumulo/model/Row.java +++ b/presto-accumulo/src/main/java/com/facebook/presto/accumulo/model/Row.java @@ -21,7 +21,7 @@ import com.google.common.base.Splitter; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; -import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang3.StringUtils; import java.sql.Date; import java.sql.Time; diff --git a/presto-pinot-toolkit/pom.xml b/presto-pinot-toolkit/pom.xml index 8458e1b26b6a8..20e19fa82d695 100644 --- a/presto-pinot-toolkit/pom.xml +++ b/presto-pinot-toolkit/pom.xml @@ -14,7 +14,7 @@ ${project.parent.basedir} - 1.38.0 + 1.41.0 17 true 1.20.0