Skip to content

Commit 9b586ff

Browse files
ShahimSharafudeenShahimSharafudeen
committed
Upgrade helix-core to 1.4.3 to address CVE-2023-38647 
1 parent e53f403 commit 9b586ff

File tree

1 file changed

+8
-0
lines changed

1 file changed

+8
-0
lines changed

pom.xml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -90,6 +90,7 @@
9090
<dep.commons.lang3.version>3.18.0</dep.commons.lang3.version>
9191
<dep.guice.version>6.0.0</dep.guice.version>
9292
<dep.arrow.version>17.0.0</dep.arrow.version>
93+
<dep.helix.version>1.4.3</dep.helix.version>
9394

9495
<dep.pos.classloader.module-name.suffix>2</dep.pos.classloader.module-name.suffix>
9596

@@ -2245,6 +2246,13 @@
22452246
<version>${dep.pinot.version}</version>
22462247
</dependency>
22472248

2249+
<!-- Upgrades the transitive helix-core version used by the Presto Pinot driver to address CVE-2023-38647 -->
2250+
<dependency>
2251+
<groupId>org.apache.helix</groupId>
2252+
<artifactId>helix-core</artifactId>
2253+
<version>${dep.helix.version}</version>
2254+
</dependency>
2255+
22482256
<dependency>
22492257
<groupId>org.xerial.snappy</groupId>
22502258
<artifactId>snappy-java</artifactId>

0 commit comments

Comments
 (0)