chore(deps): Bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3 #26885

Merged
nishithakbhaskaran merged 1 commit into prestodb:master from nishithakbhaskaran:log4j-core
Jan 2, 2026


nishithakbhaskaran commented Jan 1, 2026

Description

Bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3

Motivation and Context

#26863
#26839
#26835

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.
  • If adding new dependencies, verified they have an OpenSSF Scorecard score of 5.0 or higher (or obtained explicit TSC approval for lower scores).

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Upgrade org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3 to address `CVE-2025-68161 <https://nvd.nist.gov/vuln/detail/CVE-2025-68161>`_.

prestodb-ci added the from:IBM label (PR from IBM) Jan 1, 2026
nishithakbhaskaran changed the title from "Bump up dep.log4j.version to 2.25.3" to "Bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3" Jan 1, 2026
nishithakbhaskaran changed the title from "Bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3" to "Test" Jan 1, 2026
nishithakbhaskaran changed the title from "Test" to "chore(deps): Bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3" Jan 1, 2026
nishithakbhaskaran marked this pull request as ready for review January 1, 2026 10:45
nishithakbhaskaran requested a review from a team as a code owner January 1, 2026 10:45
prestodb-ci requested review from a team, nmahadevuni and wanglinsong and removed request for a team January 1, 2026 10:45
agrawalreetika left a comment

Version changes lgtm.
I was thinking since log4j is used in multiple places, should we maintain it from root pom?

nishithakbhaskaran commented Jan 2, 2026

> Version changes lgtm. I was thinking since log4j is used in multiple places, should we maintain it from root pom?

@agrawalreetika #24507 (comment): based on this previous PR comment, it was moved out from root pom and added into the respective connectors.

hantangwangd left a comment
