This is an automated email from the ASF dual-hosted git repository.
bobbai00 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/texera.git
The following commit(s) were added to refs/heads/main by this push:
new 6b79896f17 chore: upgrade postgresql to 42.7.10 due to CVE (#4420)
6b79896f17 is described below
commit 6b79896f1745eff4f031a11265157a2ce51c23c7
Author: PJ Fanning <[email protected]>
AuthorDate: Tue May 5 23:56:11 2026 +0100
chore: upgrade postgresql to 42.7.10 due to CVE (#4420)
<!--
Thanks for sending a pull request (PR)! Here are some tips for you:
1. If this is your first time, please read our contributor guidelines:
[Contributing to
Texera](https://github.com/apache/texera/blob/main/CONTRIBUTING.md)
2. Ensure you have added or run the appropriate tests for your PR
3. If the PR is work in progress, mark it a draft on GitHub.
4. Please write your PR title to summarize what this PR proposes, we
are following Conventional Commits style for PR titles as well.
5. Be sure to keep the PR description updated to reflect all changes.
-->
### What changes were proposed in this PR?
<!--
Please clarify what changes you are proposing. The purpose of this
section
is to outline the changes. Here are some tips for you:
1. If you propose a new API, clarify the use case for a new API.
2. If you fix a bug, you can clarify why it is a bug.
3. If it is a refactoring, clarify what has been changed.
3. It would be helpful to include a before-and-after comparison using
screenshots or GIFs.
4. Please consider writing useful notes for better and faster reviews.
-->
CVE-2025-49146 affects 42.7.4 which is used in various places
### Any related issues, documentation, discussions?
<!--
Please use this section to link other resources if not mentioned
already.
1. If this PR fixes an issue, please include `Fixes #1234`, `Resolves
#1234`
or `Closes #1234`. If it is only related, simply mention the issue
number.
2. If there is design documentation, please add the link.
3. If there is a discussion in the mailing list, please add the link.
-->
### How was this PR tested?
<!--
If tests were added, say they were added here. Or simply mention that if
the PR
is tested with existing test cases. Make sure to include/update test
cases that
check the changes thoroughly including negative and positive cases if
possible.
If it was tested in a way different from regular unit tests, please
clarify how
you tested step by step, ideally copy and paste-able, so that other
reviewers can
test and check, and descendants can verify in the future. If tests were
not added,
please describe why they were not added and/or why it was difficult to
add.
-->
### Was this PR authored or co-authored using generative AI tooling?
<!--
If generative AI tooling has been used in the process of authoring this
PR,
please include the phrase: 'Generated-by: ' followed by the name of the
tool
and its version. If no, write 'No'.
Please refer to the [ASF Generative Tooling
Guidance](https://www.apache.org/legal/generative-tooling.html) for
details.
-->
---
access-control-service/LICENSE-binary | 2 +-
amber/LICENSE-binary-java | 2 +-
amber/build.sbt | 2 +-
common/dao/build.sbt | 2 +-
common/workflow-core/build.sbt | 2 +-
computing-unit-managing-service/LICENSE-binary | 2 +-
config-service/LICENSE-binary | 2 +-
file-service/LICENSE-binary | 2 +-
workflow-compiling-service/LICENSE-binary | 2 +-
9 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/access-control-service/LICENSE-binary
b/access-control-service/LICENSE-binary
index 9502e28b21..6bb66df548 100644
--- a/access-control-service/LICENSE-binary
+++ b/access-control-service/LICENSE-binary
@@ -341,7 +341,7 @@ Dependencies under the BSD 2-Clause License
--------------------------------------------------------------------------------
Scala/Java jars:
- - org.postgresql.postgresql-42.7.4.jar
+ - org.postgresql.postgresql-42.7.10.jar
--------------------------------------------------------------------------------
Dependencies under the Eclipse Public License, Version 2.0 (some are dual
diff --git a/amber/LICENSE-binary-java b/amber/LICENSE-binary-java
index d82f69bd83..04c9732d3a 100644
--- a/amber/LICENSE-binary-java
+++ b/amber/LICENSE-binary-java
@@ -615,7 +615,7 @@ Scala/Java jars:
- com.github.marianobarrios.lbmq-0.6.0.jar
- dnsjava.dnsjava-2.1.7.jar
- org.codehaus.woodstox.stax2-api-4.2.1.jar
- - org.postgresql.postgresql-42.7.4.jar
+ - org.postgresql.postgresql-42.7.10.jar
--------------------------------------------------------------------------------
Dependencies under the ISC License
diff --git a/amber/build.sbt b/amber/build.sbt
index 09e4628ab8..6147ba8e25 100644
--- a/amber/build.sbt
+++ b/amber/build.sbt
@@ -224,7 +224,7 @@ libraryDependencies += "com.flipkart.zjsonpatch" %
"zjsonpatch" % "0.4.13"
libraryDependencies += "io.reactivex.rxjava3" % "rxjava" % "3.1.6"
// https://mvnrepository.com/artifact/org.postgresql/postgresql
-libraryDependencies += "org.postgresql" % "postgresql" % "42.5.4"
+libraryDependencies += "org.postgresql" % "postgresql" % "42.7.10"
// https://mvnrepository.com/artifact/com.typesafe.scala-logging/scala-logging
libraryDependencies += "com.typesafe.scala-logging" %% "scala-logging" %
"3.9.5"
diff --git a/common/dao/build.sbt b/common/dao/build.sbt
index 6b352d6975..b88fdbbfad 100644
--- a/common/dao/build.sbt
+++ b/common/dao/build.sbt
@@ -174,5 +174,5 @@ libraryDependencies ++= Seq(
/////////////////////////////////////////////////////////////////////////////
libraryDependencies ++= Seq(
- "org.postgresql" % "postgresql" % "42.7.4",
+ "org.postgresql" % "postgresql" % "42.7.10",
)
diff --git a/common/workflow-core/build.sbt b/common/workflow-core/build.sbt
index e71b2cd1d2..467296ba0e 100644
--- a/common/workflow-core/build.sbt
+++ b/common/workflow-core/build.sbt
@@ -192,7 +192,7 @@ libraryDependencies ++= Seq(
excludeJackson,
excludeJacksonModule
),
- "org.postgresql" % "postgresql" % "42.7.3"
+ "org.postgresql" % "postgresql" % "42.7.10"
)
/////////////////////////////////////////////////////////////////////////////
diff --git a/computing-unit-managing-service/LICENSE-binary
b/computing-unit-managing-service/LICENSE-binary
index 89d1edddb7..efcee44a84 100644
--- a/computing-unit-managing-service/LICENSE-binary
+++ b/computing-unit-managing-service/LICENSE-binary
@@ -568,7 +568,7 @@ Scala/Java jars:
- com.github.luben.zstd-jni-1.5.0-1.jar
- dnsjava.dnsjava-2.1.7.jar
- org.codehaus.woodstox.stax2-api-4.2.1.jar
- - org.postgresql.postgresql-42.7.4.jar
+ - org.postgresql.postgresql-42.7.10.jar
--------------------------------------------------------------------------------
Dependencies under the Eclipse Public License, Version 2.0 (some are dual
diff --git a/config-service/LICENSE-binary b/config-service/LICENSE-binary
index de970a5394..99bb33f98d 100644
--- a/config-service/LICENSE-binary
+++ b/config-service/LICENSE-binary
@@ -343,7 +343,7 @@ Dependencies under the BSD 2-Clause License
--------------------------------------------------------------------------------
Scala/Java jars:
- - org.postgresql.postgresql-42.7.4.jar
+ - org.postgresql.postgresql-42.7.10.jar
--------------------------------------------------------------------------------
Dependencies under the Eclipse Public License, Version 2.0 (some are dual
diff --git a/file-service/LICENSE-binary b/file-service/LICENSE-binary
index 6d3da7abc3..a242d5d4b4 100644
--- a/file-service/LICENSE-binary
+++ b/file-service/LICENSE-binary
@@ -529,7 +529,7 @@ Scala/Java jars:
- com.github.luben.zstd-jni-1.5.0-1.jar
- dnsjava.dnsjava-2.1.7.jar
- org.codehaus.woodstox.stax2-api-4.2.1.jar
- - org.postgresql.postgresql-42.7.4.jar
+ - org.postgresql.postgresql-42.7.10.jar
--------------------------------------------------------------------------------
Dependencies under the Eclipse Public License, Version 2.0 (some are dual
diff --git a/workflow-compiling-service/LICENSE-binary
b/workflow-compiling-service/LICENSE-binary
index 1f41bd024a..67fa5e9180 100644
--- a/workflow-compiling-service/LICENSE-binary
+++ b/workflow-compiling-service/LICENSE-binary
@@ -537,7 +537,7 @@ Scala/Java jars:
- com.github.luben.zstd-jni-1.5.0-1.jar
- dnsjava.dnsjava-2.1.7.jar
- org.codehaus.woodstox.stax2-api-4.2.1.jar
- - org.postgresql.postgresql-42.7.4.jar
+ - org.postgresql.postgresql-42.7.10.jar
--------------------------------------------------------------------------------
Dependencies under the Eclipse Public License, Version 2.0 (some are dual
