This is an automated email from the ASF dual-hosted git repository.

chia7712 pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 3c0843961bd KAFKA-19739 Upgrade commons-validator to 1.10.0 (#20601)
3c0843961bd is described below

commit 3c0843961bd77f721a91f5e92e1624144859fe42
Author: Patrik Nagy <[email protected]>
AuthorDate: Mon Sep 29 12:30:17 2025 +0200

    KAFKA-19739 Upgrade commons-validator to 1.10.0 (#20601)
    
    In [KAFKA-19359](https://issues.apache.org/jira/browse/KAFKA-19359), the
    commons-beanutils transitive dependency was force bumped in the project
    to avoid related CVEs. The commons-validator already has a new release,
    which solves this problem:
    
    https://github.com/apache/commons-validator/tags
    
    The workaround could be deleted as part of the version bump.
    
    Reviewers: Chia-Ping Tsai <[email protected]>
---
 LICENSE-binary             | 2 +-
 build.gradle               | 2 --
 gradle/dependencies.gradle | 4 +---
 3 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index c8fa1e8207a..c6078a48bca 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -211,7 +211,7 @@ License Version 2.0:
 - commons-digester-2.1
 - commons-lang3-3.18.0
 - commons-logging-1.3.5
-- commons-validator-1.9.0
+- commons-validator-1.10.0
 - hash4j-0.22.0
 - jackson-annotations-2.19.0
 - jackson-core-2.19.0
diff --git a/build.gradle b/build.gradle
index 29537dd77dc..8d18d0ea7b8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -193,8 +193,6 @@ allprojects {
           // ensure we have a single version in the classpath despite 
transitive dependencies
           libs.scalaLibrary,
           libs.scalaReflect,
-          // Workaround before `commons-validator` has new release. See 
KAFKA-19359.
-          libs.commonsBeanutils,
           libs.jacksonAnnotations,
           libs.commonsLang
         )
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 390c7e830c8..31adcd2c268 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -57,9 +57,8 @@ versions += [
   caffeine: "3.2.0",
   bndlib: "7.1.0",
   checkstyle: project.hasProperty('checkstyleVersion') ? checkstyleVersion : 
"10.20.2",
-  commonsBeanutils: "1.11.0",
   commonsLang: "3.18.0",
-  commonsValidator: "1.9.0",
+  commonsValidator: "1.10.0",
   classgraph: "4.8.179",
   gradle: "8.14.3",
   grgit: "4.1.1",
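Review bot: Once this hunk drops `commonsBeanutils: "1.11.0"` from `versions` (the matching `libs` entry and the forced `libs.commonsBeanutils` in build.gradle go in the other hunks), nothing in the build states which commons-beanutils version it needs. The floor set for KAFKA-19359 now rests entirely on what commons-validator 1.10.0 declares transitively, and the diff does not show the resolved version. A comment on the bumped line would keep the reason visible, e.g. `// >= 1.10.0 required: pulls in the commons-beanutils fix from KAFKA-19359, do not downgrade`. Before merging it is worth running `./gradlew dependencyInsight --dependency commons-beanutils` for the affected module and runtime configuration to confirm the resolved version is not below the previously forced 1.11.0. Any commons-beanutils entry in LICENSE-binary, which lies outside the visible hunk, should be checked against that result as well.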
@@ -151,7 +150,6 @@ libs += [
   bndlib:"biz.aQute.bnd:biz.aQute.bndlib:$versions.bndlib",
   caffeine: "com.github.ben-manes.caffeine:caffeine:$versions.caffeine",
   classgraph: "io.github.classgraph:classgraph:$versions.classgraph",
-  commonsBeanutils: 
"commons-beanutils:commons-beanutils:$versions.commonsBeanutils",
   commonsLang: "org.apache.commons:commons-lang3:$versions.commonsLang",
   commonsValidator: 
"commons-validator:commons-validator:$versions.commonsValidator",
   jacksonAnnotations: 
"com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
