(hop) branch main updated: Fix some CVE's , fixes #6313 (#6314)

hansva Wed, 07 Jan 2026 12:08:45 -0800

This is an automated email from the ASF dual-hosted git repository.

hansva pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/hop.git



The following commit(s) were added to refs/heads/main by this push:
     new dbd23792e0 Fix some CVE's , fixes #6313 (#6314)
dbd23792e0 is described below

commit dbd23792e03681e98635e5e1dd8e12b056226d33
Author: Hans Van Akelyen <[email protected]>
AuthorDate: Wed Jan 7 21:08:28 2026 +0100

    Fix some CVE's , fixes #6313 (#6314)
---
 lib-jdbc/pom.xml             | 2 +-
 lib/pom.xml                  | 1 -
 plugins/engines/beam/pom.xml | 8 ++++++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib-jdbc/pom.xml b/lib-jdbc/pom.xml
index 6a4dc66790..d9692a118f 100644
--- a/lib-jdbc/pom.xml
+++ b/lib-jdbc/pom.xml
@@ -37,7 +37,7 @@
         <hsqldb.version>2.7.4</hsqldb.version>
         <jt400.version>21.0.6</jt400.version>
         <monetdb.version>12.0</monetdb.version>
-        <mssqlnative.version>13.2.1.jre11</mssqlnative.version>
+        <mssqlnative.version>13.3.0.jre11-preview</mssqlnative.version>
         <mysql.version>9.1.0</mysql.version>
         <postgresql.version>42.7.7</postgresql.version>
         <redshift.version>2.1.0.32</redshift.version>
diff --git a/lib/pom.xml b/lib/pom.xml
index 677c805d68..3bc9092e7e 100644
--- a/lib/pom.xml
+++ b/lib/pom.xml
@@ -112,7 +112,6 @@
         <kotlin.version>1.9.25</kotlin.version>
         <kryo.version>5.3.0</kryo.version>
         <log4j.version>2.25.3</log4j.version>
-        <lz4.version>1.8.0</lz4.version>
         <metrics.version>4.2.12</metrics.version>
         <minlog.version>1.3.1</minlog.version>
         <msal4j-persistence.version>1.3.0</msal4j-persistence.version>
diff --git a/plugins/engines/beam/pom.xml b/plugins/engines/beam/pom.xml
index 98fbbf18e8..4f467b4a7c 100644
--- a/plugins/engines/beam/pom.xml
+++ b/plugins/engines/beam/pom.xml
@@ -595,11 +595,11 @@
                 </exclusion>
                 <exclusion>
                     <groupId>org.apache.logging.log4j</groupId>
-                    <artifactId>log4j-api</artifactId>
+                    <artifactId>*</artifactId>
                 </exclusion>
                 <exclusion>
                     <groupId>org.apache.logging.log4j</groupId>
-                    <artifactId>log4j-core</artifactId>
+                    <artifactId>log4j-api</artifactId>
                 </exclusion>
                 <exclusion>
                     <groupId>org.apache.logging.log4j</groupId>
@@ -1329,6 +1329,10 @@
                     <groupId>jakarta.servlet</groupId>
                     <artifactId>jakarta.servlet-api</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>net.minidev</groupId>
                     <artifactId>json-smart</artifactId>

(hop) branch main updated: Fix some CVE's , fixes #6313 (#6314)

Reply via email to