diff --git a/pom.xml b/pom.xml
index a2dc8d37c01e..364ca0b1bad3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1411,6 +1411,12 @@
3.6.1
+
+ org.apache.commons
+ commons-lang3
+ 3.14.0
+
+
org.apache.commons
commons-text
diff --git a/presto-accumulo/pom.xml b/presto-accumulo/pom.xml
index 86a7e17f8062..731a77f383a5 100644
--- a/presto-accumulo/pom.xml
+++ b/presto-accumulo/pom.xml
@@ -232,7 +232,6 @@
org.apache.commons
commons-lang3
- 3.4
diff --git a/presto-bigquery/pom.xml b/presto-bigquery/pom.xml
index 2af6770914fe..6cb5a0bfb9f1 100644
--- a/presto-bigquery/pom.xml
+++ b/presto-bigquery/pom.xml
@@ -47,7 +47,6 @@
org.apache.commons
commons-lang3
- 3.11
@@ -206,6 +205,10 @@
io.grpc
grpc-protobuf-lite
+
+ org.apache.commons
+ commons-lang3
+
diff --git a/presto-hive-function-namespace/pom.xml b/presto-hive-function-namespace/pom.xml
index e400e547ef0d..7c7b135f6633 100644
--- a/presto-hive-function-namespace/pom.xml
+++ b/presto-hive-function-namespace/pom.xml
@@ -36,6 +36,12 @@
org.apache.hive
hive-llap-common
+
+
+ org.apache.commons
+ commons-lang3
+
+
diff --git a/presto-main/pom.xml b/presto-main/pom.xml
index f6ab94cfd333..f916928f8f17 100644
--- a/presto-main/pom.xml
+++ b/presto-main/pom.xml
@@ -36,6 +36,11 @@
commons-math3
+
+ org.apache.commons
+ commons-lang3
+
+
com.facebook.presto
presto-spi
diff --git a/presto-main/src/main/java/com/facebook/presto/server/AsyncPageTransportServlet.java b/presto-main/src/main/java/com/facebook/presto/server/AsyncPageTransportServlet.java
index 7619c3bb6f5d..83eb73d3f15e 100644
--- a/presto-main/src/main/java/com/facebook/presto/server/AsyncPageTransportServlet.java
+++ b/presto-main/src/main/java/com/facebook/presto/server/AsyncPageTransportServlet.java
@@ -29,6 +29,7 @@
import com.google.common.util.concurrent.ListenableFuture;
import io.airlift.units.DataSize;
import io.airlift.units.Duration;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.weakref.jmx.Managed;
import org.weakref.jmx.Nested;
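Review bot: `org.apache.commons.lang3.StringEscapeUtils` has been deprecated since commons-lang3 3.6 in favour of the class of the same name in commons-text, so this import builds the new output-encoding on an API that is marked for replacement. The context of the root pom.xml hunk shows commons-text is already a managed dependency. Using `import org.apache.commons.text.StringEscapeUtils;` and declaring commons-text in presto-main/pom.xml would keep the same `escapeHtml4` call without the deprecation warning. Whether presto-main needs commons-lang3 for anything else is not visible in this diff.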
@@ -116,6 +117,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
protected void reportFailure(HttpServletResponse response, String message)
throws IOException
{
+ message = StringEscapeUtils.escapeHtml4(message);
response.sendError(SC_BAD_REQUEST, message);
}
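Review bot: The new line in `reportFailure` does not say which output context the escaping targets, and `escapeHtml4` leaves the apostrophe unencoded, so the result is only safe as HTML element text or inside a double-quoted attribute. Whether the servlet container's error page encodes the `sendError` message again is not visible here; if it does, clients would see double-encoded text such as `&amp;lt;`, which is worth checking with a test on the rendered response. I would add a comment such as `// HTML-escape: message may echo request-derived text and is rendered by the container's error page` and avoid overwriting the parameter, e.g. `String safeMessage = StringEscapeUtils.escapeHtml4(message);`. The same comment and local-variable style apply to the added line in the `onError` hunk.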
@@ -181,6 +183,7 @@ public void onError(AsyncEvent event)
{
String errorMessage = format("Server error to process task result request %s : %s", requestURI, event.getThrowable().getMessage());
log.error(event.getThrowable(), errorMessage);
+ errorMessage = StringEscapeUtils.escapeHtml4(errorMessage);
response.sendError(SC_INTERNAL_SERVER_ERROR, errorMessage);
}
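Review bot: The response body in `onError` still carries `event.getThrowable().getMessage()` and the request URI back to the caller; escaping stops markup injection but not the disclosure of internal error detail. Since the full message is already written by `log.error` on the line above, the client could receive a fixed string instead, e.g. `response.sendError(SC_INTERNAL_SERVER_ERROR, "Server error processing task result request");`, provided callers of this endpoint do not parse the detail. If the detail must stay, a short comment stating that it is intentionally returned and HTML-escaped would help the next reader. `onError` begins outside this hunk, so where `requestURI` comes from cannot be confirmed here.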
diff --git a/presto-parquet/pom.xml b/presto-parquet/pom.xml
index 0dd58524b084..a3e55f4270ed 100644
--- a/presto-parquet/pom.xml
+++ b/presto-parquet/pom.xml
@@ -121,7 +121,6 @@
org.apache.commons
commons-lang3
- 3.4
test
diff --git a/presto-pinot-toolkit/pom.xml b/presto-pinot-toolkit/pom.xml
index 3e94aaaedaec..580c3fbd94ec 100644
--- a/presto-pinot-toolkit/pom.xml
+++ b/presto-pinot-toolkit/pom.xml
@@ -314,6 +314,10 @@
com.fasterxml.jackson.dataformat
jackson-dataformat-yaml
+
+ org.apache.commons
+ commons-lang3
+