geyanggang opened a new issue, #11165: URL: https://github.com/apache/gravitino/issues/11165
### What would you like to be improved? commons-beanutils 1.9.4 is pulled transitively by Hive Metastore into the runtime classpath of `hive-metastore2-libs` and `hive-metastore3-libs`. This version does not enable `SuppressPropertiesBeanIntrospector` by default, allowing potential class-level property access via the `class` property. Version 1.11.0 (released 2025-05-27) sets the default behavior to disallow class-level access, resolving this issue. ### How should we improve? Add commons-beanutils 1.11.0 to `gradle/libs.versions.toml` and add a dependency constraint in both hive-metastore-libs modules to force the transitive version upgrade. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
