Fix vulnerability issues in postgresql, commons-compress and snappy-java

ShahimSharafudeen · ZacBlanco · commit 60941a7c7a5c · 2025-05-19T12:33:33.000-07:00
Upgrade commons-compress version at 1.26.2 across the codebase to address security vulnerabilities
Upgrade snappy-java version at 1.1.10.4 across the codebase to address security vulnerabilities
Replace dependency from PostgreSQL to redshift-jdbc42 to address security vulnerabilities
diff --git a/presto-product-tests/pom.xml b/presto-product-tests/pom.xml
@@ -71,7 +71,6 @@
         <dependency>
             <groupId>org.xerial.snappy</groupId>
             <artifactId>snappy-java</artifactId>
-            <version>1.1.10.1</version>
             <scope>runtime</scope>
         </dependency>
         <dependency>
diff --git a/presto-redshift/pom.xml b/presto-redshift/pom.xml
@@ -42,11 +42,10 @@
             <artifactId>javax.inject</artifactId>
         </dependency>
 
-        <!-- old version of the PostgreSQL driver known to work with Redshift -->
         <dependency>
-            <groupId>org.postgresql</groupId>
-            <artifactId>postgresql</artifactId>
-            <version>9.3-1102-jdbc41</version>
+            <groupId>com.amazon.redshift</groupId>
+            <artifactId>redshift-jdbc42</artifactId>
+            <version>2.1.0.32</version>
         </dependency>
 
         <!-- Presto SPI -->
diff --git a/presto-redshift/src/main/java/com/facebook/presto/plugin/redshift/RedshiftClient.java b/presto-redshift/src/main/java/com/facebook/presto/plugin/redshift/RedshiftClient.java
@@ -13,6 +13,7 @@
  */
 package com.facebook.presto.plugin.redshift;
 
+import com.amazon.redshift.jdbc.Driver;
 import com.facebook.presto.plugin.jdbc.BaseJdbcClient;
 import com.facebook.presto.plugin.jdbc.BaseJdbcConfig;
 import com.facebook.presto.plugin.jdbc.DriverConnectionFactory;
@@ -21,7 +22,6 @@
 import com.facebook.presto.spi.ConnectorSession;
 import com.facebook.presto.spi.PrestoException;
 import com.facebook.presto.spi.SchemaTableName;
-import org.postgresql.Driver;
 
 import javax.inject.Inject;
 
diff --git a/presto-spark-launcher/pom.xml b/presto-spark-launcher/pom.xml
@@ -39,7 +39,6 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>
-            <version>1.19</version>
         </dependency>
 
         <dependency>
