This is an automated email from the ASF dual-hosted git repository.
nihaljain pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2 by this push:
new 470fe193938 HBASE-29651 Bump jruby to 9.4.14.0 to fix multiple CVEs
(#7405) (#7427)
470fe193938 is described below
commit 470fe193938f8daaed8183ab8175cc7351f2ef36
Author: Xavier Fernandis <[email protected]>
AuthorDate: Tue Nov 11 09:55:55 2025 +0530
HBASE-29651 Bump jruby to 9.4.14.0 to fix multiple CVEs (#7405) (#7427)
This change fixes the following list of CVEs:
- **CVE-2025-43857**: Fixed in JRuby 9.4.13.0
- **CVE-2025-27219**: Fixed in JRuby 9.4.14.0
- **CVE-2025-27220**: Fixed in JRuby 9.4.14.0
Signed-off-by: Nihal Jain <[email protected]>
Signed-off-by: Pankaj Kumar <[email protected]>
(cherry picked from commit 305951ec2ff221c9d5469c1f90c603f43af3a9b4)
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index ddb9d1db006..e1e1d7c0fb6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -595,7 +595,7 @@
<servlet.api.version>3.1.0</servlet.api.version>
<wx.rs.api.version>2.1.1</wx.rs.api.version>
<tomcat.jasper.version>9.0.110</tomcat.jasper.version>
- <jruby.version>9.4.12.1</jruby.version>
+ <jruby.version>9.4.14.0</jruby.version>
<junit.jupiter.version>5.13.4</junit.jupiter.version>
<junit.vintage.version>5.13.4</junit.vintage.version>
<hamcrest.version>1.3</hamcrest.version>
@@ -624,8 +624,8 @@
<jamon-runtime.version>2.4.1</jamon-runtime.version>
<jettison.version>1.5.4</jettison.version>
<!--Make sure these joni/jcodings are compatible with the versions used by
jruby-->
- <joni.version>2.2.3</joni.version>
- <jcodings.version>1.0.61</jcodings.version>
+ <joni.version>2.2.5</joni.version>
+ <jcodings.version>1.0.63</jcodings.version>
<spy.version>2.12.3</spy.version>
<bouncycastle.version>1.81</bouncycastle.version>
<skyscreamer.version>1.5.1</skyscreamer.version>
