Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated lucene-core, lucene-analyzers-common, and lucene-queryparser version to 8.10.0 #24168

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Updated lucene-core, lucene-analyzers-common, and lucene-queryparser version to 8.10.0 #24168

wants to merge 1 commit into from
+71 −7

Conversation

imsayari404
Copy link
Contributor

@imsayari404 imsayari404 commented Nov 28, 2024
edited
Loading

Description

3 medium CVE resolved.

Upgradation performed :

  1. lucene-core(https://www.mend.io/vulnerability-database/WS-2021-0646) : 8.2.0 to 8.10.0
    lucene-core (8.10.0) gets introduced through lucene-analyzers-common(8.10.0)
  2. lucene-analyzer-common(https://www.mend.io/vulnerability-database/WS-2021-0646) : 7.7.3 to 8.10.0
  3. lucene-queryparser(https://vuln.whitesourcesoftware.com/vulnerability/WS-2021-0646) : 8.2.0 to 8.10.0

Motivation and Context

Apache Lucene through 7.x and 8.x before 8.10 is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this vulnerability to consume all available CPU resources.

Impact

3 medium cve got resolved.

Contributor checklist

  • Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Upgrade lucene-core to 8.10.0  :pr:`#24168`
* Upgrade lucene-queryparser to 8.10.0  :pr:`#24168`
* Upgrade lucene-analyzer-common to 8.10.0  :pr:`#24168`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Nov 28, 2024
@prestodb-ci prestodb-ci requested review from a team, infvg and pratyakshsharma and removed request for a team November 28, 2024 10:47
@imsayari404 imsayari404 marked this pull request as ready for review November 30, 2024 11:57
@imsayari404 imsayari404 changed the title Update lucene-core, lucene-analyzers-common, and lucene-queryparser version to 8.10.0 Updated lucene-core, lucene-analyzers-common, and lucene-queryparser version to 8.10.0 Nov 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@infvg infvg Awaiting requested review from infvg infvg was automatically assigned from prestodb/ibm-reviewers

@pratyakshsharma pratyakshsharma Awaiting requested review from pratyakshsharma pratyakshsharma was automatically assigned from prestodb/ibm-reviewers

@hantangwangd hantangwangd Awaiting requested review from hantangwangd hantangwangd is a code owner

@ZacBlanco ZacBlanco Awaiting requested review from ZacBlanco ZacBlanco is a code owner

@vinothchandar vinothchandar Awaiting requested review from vinothchandar vinothchandar is a code owner

@7c00 7c00 Awaiting requested review from 7c00 7c00 is a code owner

@shrinidhijoshi shrinidhijoshi Awaiting requested review from shrinidhijoshi shrinidhijoshi is a code owner

@presto-oss presto-oss Awaiting requested review from presto-oss presto-oss is a code owner automatically assigned from prestodb/committers

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
from:IBM PR from IBM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@imsayari404 @prestodb-ci