(beam) branch master updated: Pin zookeeper in expansion service (#37859)

yhu Sat, 14 Mar 2026 17:56:23 -0700

This is an automated email from the ASF dual-hosted git repository.

yhu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git



The following commit(s) were added to refs/heads/master by this push:
     new 0f6c88e0d4b Pin zookeeper in expansion service (#37859)
0f6c88e0d4b is described below

commit 0f6c88e0d4b9f0473421df8daf7e2554902f53a9
Author: claudevdm <[email protected]>
AuthorDate: Sat Mar 14 20:56:07 2026 -0400

    Pin zookeeper in expansion service (#37859)
---
 sdks/java/io/expansion-service/build.gradle | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sdks/java/io/expansion-service/build.gradle 
b/sdks/java/io/expansion-service/build.gradle
index be9e3704e6c..45da52f3f75 100644
--- a/sdks/java/io/expansion-service/build.gradle
+++ b/sdks/java/io/expansion-service/build.gradle
@@ -53,6 +53,9 @@ configurations.runtimeClasspath {
   // Pin logback to 1.5.27 to resolve CVE-2026-1225
   resolutionStrategy.force "ch.qos.logback:logback-classic:1.5.27"
   resolutionStrategy.force "ch.qos.logback:logback-core:1.5.27"
+
+  // Pin zookeeper to 3.8.6 to fix CVE in transitive 3.8.4 from hadoop/hbase
+  resolutionStrategy.force 'org.apache.zookeeper:zookeeper:3.8.6'
 }
 
 shadowJar {

(beam) branch master updated: Pin zookeeper in expansion service (#37859)

Reply via email to