[jira] [Commented] (FLINK-38557) Upgrade Presto to resolve multiple vulnerabilities

Varun (Jira) Fri, 07 Nov 2025 10:00:05 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-38557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18036346#comment-18036346
 ]


Varun commented on FLINK-38557:
-------------------------------

Hi [~asanwal] , I am a new contributer to flink. Can I pick this up?

> Upgrade Presto to resolve multiple vulnerabilities
> --------------------------------------------------
>
>                 Key: FLINK-38557
>                 URL: https://issues.apache.org/jira/browse/FLINK-38557
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: Connectors / FileSystem, FileSystems
>    Affects Versions: 1.20.3
>            Reporter: Avi Sanwal
>            Priority: Major
>
> Current version of presto [used by 
> flink|https://github.com/apache/flink/blob/01e3a6d78d58843d7e67d94bfcbcc45337677d74/flink-filesystems/flink-s3-fs-presto/pom.xml#L35]
>  is quite outdated and contains quite a lot of transitive vulnerabilities. 
> See https://mvnrepository.com/artifact/com.facebook.presto/presto-hive/0.272
> We must upgrade to a newer version. The latest as of this writing is 
> [0.295|https://mvnrepository.com/artifact/com.facebook.presto/presto-hive/0.295]
>  which still has a 2 unresolved vulnerabilities, but fixes atleast 14.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-38557) Upgrade Presto to resolve multiple vulnerabilities

Reply via email to