Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update lucene-core, lucene-analyzers-common, and lucene-queryparser version to 8.10.0 #24143

Draft
wants to merge 7 commits into
base: master
Choose a base branch
from
Draft

Update lucene-core, lucene-analyzers-common, and lucene-queryparser version to 8.10.0 #24143

wants to merge 7 commits into from

Conversation

imsayari404
Copy link
Contributor

@imsayari404 imsayari404 commented Nov 25, 2024
edited
Loading

Description

3 medium CVE resolved.

Upgradation performed :

  1. lucene-core(https://www.mend.io/vulnerability-database/WS-2021-0646) : 8.2.0 to 8.10.0
  2. lucene-analyzer-common(https://www.mend.io/vulnerability-database/WS-2021-0646) : 7.7.3 to 8.10.0
  3. lucene-queryparser(https://vuln.whitesourcesoftware.com/vulnerability/WS-2021-0646) : 8.2.0 to 8.10.0

Motivation and Context

Apache Lucene through 7.x and 8.x before 8.10 is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this vulnerability to consume all available CPU resources.

Impact

3 medium cve got resolved.

Test Plan

In progress

Contributor checklist

  • Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Upgrade lucene-core to 8.10.0  :pr:`#24143`
* Upgrade lucene-queryparser to 8.10.0  :pr:`#24143`
* Upgrade lucene-analyzer-common to 8.10.0  :pr:`#24143`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Nov 25, 2024
@prestodb-ci prestodb-ci requested review from a team, anandamideShakyan and sh-shamsan and removed request for a team November 25, 2024 18:40
@imsayari404 imsayari404 force-pushed the lucene_package branch 7 times, most recently from dc79298 to 2c91267 Compare November 27, 2024 08:33
@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Nov 27, 2024
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@imsayari404 imsayari404 force-pushed the lucene_package branch 3 times, most recently from 5251e2b to aa95d0a Compare November 27, 2024 15:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anandamideShakyan anandamideShakyan Awaiting requested review from anandamideShakyan anandamideShakyan was automatically assigned from prestodb/ibm-reviewers

@sh-shamsan sh-shamsan Awaiting requested review from sh-shamsan sh-shamsan was automatically assigned from prestodb/ibm-reviewers

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
from:IBM PR from IBM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@imsayari404 @prestodb-ci