
Commit ffa5c31

Merge pull request #1696 from confluentinc/KSECURITY-2537-3-6
3.6 force bump commons-beanutils for CVE-2025-48734 (apache#19939)
2 parents 0d47f09 + c7d18c9 commit ffa5c31


3 files changed

+6
-2
lines changed


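--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -207,13 +207,13 @@ License Version 2.0:
 
 audience-annotations-0.12.0
 caffeine-2.9.3
-commons-beanutils-1.9.4
+commons-beanutils-1.11.0
 commons-cli-1.4
 commons-collections-3.2.2
 commons-digester-2.1
 commons-io-2.11.0
 commons-lang3-3.8.1
-commons-logging-1.2
+commons-logging-1.3.5
 commons-validator-1.7
 error_prone_annotations-2.10.0
 jackson-annotations-2.13.5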

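--- a/build.gradle
+++ b/build.gradle
@@ -165,6 +165,8 @@ allprojects {
 // ensure we have a single version in the classpath despite transitive dependencies
 libs.scalaLibrary,
 libs.scalaReflect,
+// Workaround before `commons-validator` has new release. See KAFKA-19359.
+libs.commonsBeanutils,
 libs.jacksonAnnotations,
 // be explicit about the Netty dependency version instead of relying on the version set by
 // ZooKeeper (potentially older and containing CVEs)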
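Review bot: The workaround comment above the added `libs.commonsBeanutils` entry names only KAFKA-19359, not the vulnerability being pinned against, so nothing on the line tells a later maintainer that dropping the entry brings back the release affected by CVE-2025-48734 (the CVE id is taken from the commit title). I would word it as `// Forced to a commons-beanutils release that fixes CVE-2025-48734 until commons-validator ships one; see KAFKA-19359.` Because the pin overrides the version commons-validator 1.7 was built against, it is worth confirming with `./gradlew dependencyInsight --dependency commons-beanutils --configuration runtimeClasspath` on the shipped modules that only 1.11.0 resolves. LICENSE-binary in this commit also moves commons-logging to 1.3.5, presumably pulled in transitively by the new beanutils, yet no pin for it is visible in this list, so the licence entry can drift from what is actually packaged. The enclosing `allprojects` block starts and ends outside the hunk.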

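--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -80,6 +80,7 @@ versions += [
 bcpkix: "1.77",
 caffeine: "2.9.3", // 3.x supports JDK 11 and above
 checkstyle: "8.36.2",
+commonsBeanutils: "1.11.0",
 commonsCli: "1.4",
 commonsIo: "2.16.0", // ZooKeeper dependency. Do not use, this is going away.
 commonsValidator: "1.7",
@@ -168,6 +169,7 @@ libs += [
 bcpkix: "org.bouncycastle:bcpkix-jdk18on:$versions.bcpkix",
 caffeine: "com.github.ben-manes.caffeine:caffeine:$versions.caffeine",
 commonsCli: "commons-cli:commons-cli:$versions.commonsCli",
+commonsBeanutils: "commons-beanutils:commons-beanutils:$versions.commonsBeanutils",
 commonsValidator: "commons-validator:commons-validator:$versions.commonsValidator",
 commonsCodec: "commons-codec:commons-codec:$versions.commonsCodec",
 commonsIo: "commons-io:commons-io:$versions.commonsIo",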
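Review bot: The new `commonsBeanutils: "1.11.0",` entry in `versions` has no trailing comment, unlike the neighbouring caffeine and commonsIo entries, so the file does not record that this version is a security floor for a transitive dependency rather than something the build uses directly. I would write it as `commonsBeanutils: "1.11.0", // security pin for CVE-2025-48734, do not lower; drop once commons-validator depends on a fixed release`. In the `libs` hunk the entry is placed after `commonsCli`, while in `versions` it precedes it; using the same order in both maps makes the pin easier to find during a later audit. Both maps start and end outside the hunks.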
