This is an automated email from the ASF dual-hosted git repository. 1996fanrui pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/flink-connector-kafka.git
commit 119cf495733a6ee0f38df63eb6f312593b222b82 Author: Purushottam Sinha <[email protected]> AuthorDate: Sat May 16 20:40:34 2026 +0530 [FLINK-39693] Bump jackson, log4j, assertj to address CVEs - jackson-bom 2.18.2 -> 2.18.6 (GHSA-72hv-8253-57qq, ships in connector jar) - log4j 2.25.0 -> 2.25.4 (CVE-2025-68161, CVE-2026-34477/34478/34480, test-scope) - assertj 3.27.3 -> 3.27.7 (CVE-2026-24400, test-scope) --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 126e02bc..babea4c9 100644 --- a/pom.xml +++ b/pom.xml @@ -66,11 +66,11 @@ under the License. <commons-lang3.version>3.18.0</commons-lang3.version> <httpcore.version>4.4.16</httpcore.version> <httpclient.version>4.5.14</httpclient.version> - <jackson-bom.version>2.18.2</jackson-bom.version> + <jackson-bom.version>2.18.6</jackson-bom.version> <javassist.version>3.30.2-GA</javassist.version> <jsr305.version>1.3.9</jsr305.version> <kryo.version>5.6.2</kryo.version> - <log4j.version>2.25.0</log4j.version> + <log4j.version>2.25.4</log4j.version> <objenesis.version>3.4</objenesis.version> <scala.binary.version>2.12</scala.binary.version> <scala-library.version>${scala.binary.version}.20</scala-library.version> @@ -81,7 +81,7 @@ under the License. <!-- Test Dependencies --> <archunit.version>1.4.1</archunit.version> - <assertj.version>3.27.3</assertj.version> + <assertj.version>3.27.7</assertj.version> <docker-java-api.version>3.5.2</docker-java-api.version> <guava.version>33.4.8-jre</guava.version> <hamcrest.version>1.3</hamcrest.version>
