Skip to content

Upgrade Coral dependency to v2.0.77#12515

Merged
findepi merged 1 commit intotrinodb:masterfrom
alexjo2144:coral-version-upgrade
May 23, 2022
Merged

Upgrade Coral dependency to v2.0.77#12515
findepi merged 1 commit intotrinodb:masterfrom
alexjo2144:coral-version-upgrade

Conversation

@alexjo2144
Copy link
Member

@alexjo2144 alexjo2144 commented May 23, 2022

Description

This version includes an updated gson dependency to mitigate
CVE-2022-25647.

Is this change a fix, improvement, new feature, refactoring, or other?

Dependency upgrade

Is this a change to the core query engine, a connector, client library, or the SPI interfaces? (be specific)

Hive and Iceberg connectors

How would you describe this change to a non-technical end user or system administrator?

Does not have any user impact.

Related issues, pull requests, and links

Part of #12450

Documentation

( ) No documentation is needed.
( ) Sufficient documentation is included in this PR.
( ) Documentation PR is available with #prnumber.
( ) Documentation issue #issuenumber is filed, and can be handled later.

Release notes

( ) No release notes entries required.
(x) Release notes entries required with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

@alexjo2144
Upgrade Coral dependency to v2.0.77
b3615af 
This version includes an updated gson dependency to mitigate
CVE-2022-25647.
@cla-bot cla-bot bot added the cla-signed label May 23, 2022
@alexjo2144 alexjo2144 requested a review from findepi May 23, 2022 14:38
findinpath
findinpath reviewed May 23, 2022
View reviewed changes
pom.xml
<dep.testcontainers.version>1.16.3</dep.testcontainers.version>
<dep.duct-tape.version>1.0.8</dep.duct-tape.version>
<dep.docker-java.version>3.2.12</dep.docker-java.version>
<dep.coral.version>2.0.55</dep.coral.version>
Copy link
Contributor

@findinpath findinpath May 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI I skimmed the change notes from coral and haven't found any bigger change since 2.0.55

https://github.com/linkedin/coral/releases

@findepi findepi merged commit 239d847 into trinodb:master May 23, 2022
@findepi findepi added the no-release-notes This pull request does not require release notes entry label May 23, 2022
@github-actions github-actions bot added this to the 382 milestone May 23, 2022
@findepi
Copy link
Member

findepi commented May 23, 2022

No release notes. Cursory read of the CVE suggests it is serialization related and Trino is most likely not affected.

@mosabua mosabua mentioned this pull request May 24, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@findepi findepi findepi approved these changes

+1 more reviewer

@findinpath findinpath findinpath left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla-signed no-release-notes This pull request does not require release notes entry

Milestone

382

Development

Successfully merging this pull request may close these issues.

3 participants

@alexjo2144 @findepi @findinpath