[jira] [Created] (FLINK-38557) Upgrade Presto to resolve multiple vulnerabilities

Avi Sanwal (Jira) Fri, 24 Oct 2025 00:12:19 -0700

Avi Sanwal created FLINK-38557:
----------------------------------

             Summary: Upgrade Presto to resolve multiple vulnerabilities
                 Key: FLINK-38557
                 URL: https://issues.apache.org/jira/browse/FLINK-38557
             Project: Flink
          Issue Type: Technical Debt
          Components: Connectors / FileSystem, FileSystems
    Affects Versions: 1.20.3
            Reporter: Avi Sanwal



Current version of presto [used by 
flink|https://github.com/apache/flink/blob/01e3a6d78d58843d7e67d94bfcbcc45337677d74/flink-filesystems/flink-s3-fs-presto/pom.xml#L35]
 is quite outdated and contains quite a lot of transitive vulnerabilities. See 
https://mvnrepository.com/artifact/com.facebook.presto/presto-hive/0.272

We must upgrade to a newer version. The latest as of this writing is 
[0.295|https://mvnrepository.com/artifact/com.facebook.presto/presto-hive/0.295]
 which still has a 2 unresolved vulnerabilities, but fixes atleast 14.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (FLINK-38557) Upgrade Presto to resolve multiple vulnerabilities

Reply via email to