Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update zookeeper version to fix common vulnerabilities and exposures(Do not review) #24403

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Update zookeeper version to fix common vulnerabilities and exposures(Do not review) #24403

wants to merge 3 commits into from
+115 −141

Conversation

bibith4
Copy link
Contributor

@bibith4 bibith4 commented Jan 21, 2025
edited
Loading

Description

Changes to upgrade zookeeper versions to 3.9.3 to remove vulnerabilities

Motivation and Context

The presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi have interdependencies with zookeeper version 3.4.14, which contain vulnerabilities. These vulnerabilities can be removed by upgrading the zookeeper dependency to 3.9.3

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Fix security vulnerability in presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi  in response to `CVE-2023-44981 <https://nvd.nist.gov/vuln/detail/cve-2023-44981>`_. :pr:`24403`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jan 21, 2025
@prestodb-ci prestodb-ci requested review from a team, aaneja and BryanCutler and removed request for a team January 21, 2025 09:50
@bibith4 bibith4 force-pushed the zookeeper_update_v1.1.6 branch from e142e23 to b819bf6 Compare January 21, 2025 09:54
@bibith4 bibith4 force-pushed the zookeeper_update_v1.1.6 branch from b819bf6 to dc1cc7b Compare January 21, 2025 09:59
BryanCutler
BryanCutler previously approved these changes Jan 22, 2025
View reviewed changes
Copy link
Contributor

@BryanCutler BryanCutler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM pending tests

aaneja
aaneja reviewed Jan 22, 2025
View reviewed changes
presto-accumulo/src/test/java/com/facebook/presto/accumulo/TestingAccumuloServer.java
{
return instance;
}
private TestingAccumuloServer()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Has this been picked from Trino ? If so, can you follow the attribution guidelines and link to the commit you used

pom.xml
@@ -1936,7 +1936,7 @@
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
<version>3.4.14</version>
<version>3.9.3</version>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JFYI - We do have an upgrade to Kafka dependencies as a WIP too -#24382
It should not impact this PR (tests seem to pass) cc : @ZacBlanco

@bibith4 bibith4 changed the title Update zookeeper version to fix common vulnerabilities and exposures Update zookeeper version to fix common vulnerabilities and exposures(Do not review) Jan 22, 2025
@steveburnett
Copy link
Contributor

Thanks for the release note! Suggest adding a little description of the work done in the PR ("Upgrade zookeeper to 3.9.3") that results in fixing the security vulnerabilities.

== RELEASE NOTES ==

Security Changes
* Upgrade zookeeper to 3.9.3 to fix security vulnerability in presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi  in response to `CVE-2023-44981 <https://nvd.nist.gov/vuln/detail/cve-2023-44981>`_. :pr:`24403`

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaneja aaneja aaneja left review comments

@BryanCutler BryanCutler BryanCutler left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
from:IBM PR from IBM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@bibith4 @steveburnett @aaneja @BryanCutler @prestodb-ci