Upgrade aws-java-sdk version to 1.12.782 in response to CVE-2024-21634

ShahimSharafudeen · yingsu00 · commit 8ef0071fe01b · 2025-03-11T22:00:07.000-07:00
diff --git a/pom.xml b/pom.xml
@@ -48,7 +48,7 @@
         <dep.packaging.version>${dep.airlift.version}</dep.packaging.version>
         <dep.slice.version>0.38</dep.slice.version>
         <dep.testing-mysql-server-5.version>0.6</dep.testing-mysql-server-5.version>
-        <dep.aws-sdk.version>1.12.560</dep.aws-sdk.version>
+        <dep.aws-sdk.version>1.12.782</dep.aws-sdk.version>
         <dep.okhttp.version>3.9.0</dep.okhttp.version>
         <dep.jdbi3.version>3.4.0</dep.jdbi3.version>
         <dep.oracle.version>19.3.0.0</dep.oracle.version>
diff --git a/presto-accumulo/pom.xml b/presto-accumulo/pom.xml
@@ -16,7 +16,7 @@
         <air.main.basedir>${project.parent.basedir}</air.main.basedir>
         <dep.accumulo.version>1.10.1</dep.accumulo.version>
         <dep.curator.version>2.12.0</dep.curator.version>
-        <dep.reload4j.version>1.2.18.3</dep.reload4j.version>
+        <dep.reload4j.version>1.2.22</dep.reload4j.version>
     </properties>
 
     <dependencyManagement>
@@ -271,6 +271,14 @@
             <version>${dep.reload4j.version}</version>
         </dependency>
 
+        <!-- log4j removed from  reload4j version 1.2.18.4-->
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-1.2-api</artifactId>
+            <version>2.24.3</version>
+            <scope>test</scope>
+        </dependency>
+
         <!-- Presto SPI -->
         <dependency>
             <groupId>com.facebook.presto</groupId>
@@ -390,4 +398,21 @@
             </build>
         </profile>
     </profiles>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.basepom.maven</groupId>
+                <artifactId>duplicate-finder-maven-plugin</artifactId>
+                <configuration>
+                    <ignoredResourcePatterns>
+                        <ignoredResourcePattern>org/apache/log4j/xml/log4j.dtd</ignoredResourcePattern>
+                    </ignoredResourcePatterns>
+                    <ignoredClassPatterns>
+                        <ignoredClassPattern>org.apache.log4j.*</ignoredClassPattern>
+                    </ignoredClassPatterns>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
 </project>
