This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch 3.7
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/3.7 by this push:
new 5c8eef734de KAFKA-16322 upgrade jline from 3.22.0 to 3.25.1 (#15464)
5c8eef734de is described below
commit 5c8eef734de237aefc6f30b340c3eb873141bd3b
Author: Johnny Hsu <44309740+johnnych...@users.noreply.github.com>
AuthorDate: Wed Mar 6 19:39:34 2024 +0800
KAFKA-16322 upgrade jline from 3.22.0 to 3.25.1 (#15464)
An issue in the component "GroovyEngine.execute" of jline-groovy versions
through 3.24.1 allows attackers to cause an OOM (OutofMemory) error. Please
refer to https://devhub.checkmarx.com/cve-details/CVE-2023-50572 for more
details
Reviewers: Chia-Ping Tsai <chia7...@gmail.com>
---
LICENSE-binary | 2 +-
gradle/dependencies.gradle | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 507fd7a27a4..b4621cc8192 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -332,7 +332,7 @@ zstd-jni-1.5.5-6 see: licenses/zstd-jni-BSD-2-clause
---------------------------------------
BSD 3-Clause
-jline-3.22.0, see: licenses/jline-BSD-3-clause
+jline-3.25.1, see: licenses/jline-BSD-3-clause
jsr305-3.0.2, see: licenses/jsr305-BSD-3-clause
paranamer-2.8, see: licenses/paranamer-BSD-3-clause
protobuf-java-3.23.4, see: licenses/protobuf-java-BSD-3-clause
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 9ce199471cb..7db5eeacd80 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -108,7 +108,7 @@ versions += [
javassist: "3.29.2-GA",
jetty: "9.4.53.v20231009",
jersey: "2.39.1",
- jline: "3.22.0",
+ jline: "3.25.1",
jmh: "1.37",
hamcrest: "2.2",
scalaLogging: "3.9.4",
