This is an automated email from the ASF dual-hosted git repository.
nihaljain pushed a commit to branch branch-3
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-3 by this push:
new b815b7a196f HBASE-29651 Bump jruby to 9.4.14.0 to fix multiple CVEs
(#7405) (#7424)
b815b7a196f is described below
commit b815b7a196fc9d81c63367ac74e881f1b3ee938a
Author: Xavier Fernandis <[email protected]>
AuthorDate: Tue Nov 11 09:55:40 2025 +0530
HBASE-29651 Bump jruby to 9.4.14.0 to fix multiple CVEs (#7405) (#7424)
This change fixes the following list of CVEs:
- **CVE-2025-43857**: Fixed in JRuby 9.4.13.0
- **CVE-2025-27219**: Fixed in JRuby 9.4.14.0
- **CVE-2025-27220**: Fixed in JRuby 9.4.14.0
Signed-off-by: Nihal Jain <[email protected]>
Signed-off-by: Pankaj Kumar <[email protected]>
(cherry picked from commit 305951ec2ff221c9d5469c1f90c603f43af3a9b4)
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 21353f213a4..d162eec0e5c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -842,7 +842,7 @@
<servlet.api.version>4.0.1</servlet.api.version>
<wx.rs.api.version>2.1.1</wx.rs.api.version>
<tomcat.jasper.version>9.0.110</tomcat.jasper.version>
- <jruby.version>9.4.12.1</jruby.version>
+ <jruby.version>9.4.14.0</jruby.version>
<junit.jupiter.version>5.13.4</junit.jupiter.version>
<junit.vintage.version>5.13.4</junit.vintage.version>
<hamcrest.version>1.3</hamcrest.version>
@@ -867,8 +867,8 @@
<jamon-runtime.version>2.4.1</jamon-runtime.version>
<jettison.version>1.5.4</jettison.version>
<!--Make sure these joni/jcodings are compatible with the versions used by
jruby-->
- <joni.version>2.2.3</joni.version>
- <jcodings.version>1.0.61</jcodings.version>
+ <joni.version>2.2.5</joni.version>
+ <jcodings.version>1.0.63</jcodings.version>
<spy.version>2.12.3</spy.version>
<bouncycastle.version>1.81</bouncycastle.version>
<skyscreamer.version>1.5.1</skyscreamer.version>
