presto icon indicating copy to clipboard operation
presto copied to clipboard
verified publisher icon prestodb

upgrade kafka version to 3.9.1 in response to CVE-2025-27817

Open namya28 opened this issue 6 months ago • 2 comments

Description

This PR is for upgrading the Kafka version to the version 3.9.1 . This fixes CVE-2025-27817.

Motivation and Context

Impact

Test Plan

Contributor checklist

  • [ ] Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • [ ] PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • [ ] Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • [ ] If release notes are required, they follow the release notes guidelines.
  • [ ] Adequate tests were added if applicable.
  • [ ] CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Upgrade kafka to 3.9.1 in response to `CVE-2025-27817 <https://github.com/advisories/GHSA-vgq5-3255-v292>`_. :pr:`25312`

namya28 avatar Jun 13 '25 10:06 namya28

@ethanyzhang imported this issue as lakehouse/presto #25312

prestodb-ci avatar Jun 17 '25 16:06 prestodb-ci

@namya28 , Please check and fix the CI pipeline failures

NivinCS avatar Jun 18 '25 01:06 NivinCS