(paimon) branch master updated: [core] Bump httpclient5 to version >5.4.3 to avoid CVE-2025-27820 (#6787)

Wed, 10 Dec 2025 00:01:17 -0800 

This is an automated email from the ASF dual-hosted git repository.

lzljs3620320 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/paimon.git


The following commit(s) were added to refs/heads/master by this push:
     new 20f571a20e [core] Bump httpclient5 to version >5.4.3 to avoid 
CVE-2025-27820 (#6787)
20f571a20e is described below

commit 20f571a20ec6a0f041581a9f8304d5676c5fd835
Author: Pei Yu <[email protected]>
AuthorDate: Wed Dec 10 16:01:04 2025 +0800

    [core] Bump httpclient5 to version >5.4.3 to avoid CVE-2025-27820 (#6787)
---
 paimon-core/src/main/resources/META-INF/NOTICE | 4 ++--
 pom.xml                                        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/paimon-core/src/main/resources/META-INF/NOTICE 
b/paimon-core/src/main/resources/META-INF/NOTICE
index 7957d92529..38d1635dc8 100644
--- a/paimon-core/src/main/resources/META-INF/NOTICE
+++ b/paimon-core/src/main/resources/META-INF/NOTICE
@@ -5,5 +5,5 @@ This product includes software developed at
 The Apache Software Foundation (http://www.apache.org/).
 
 This project bundles the following dependencies under the Apache Software 
License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- org.apache.httpcomponents.core5:httpcore5:5.3.3
-- org.apache.httpcomponents.client5:httpclient5:5.4.2
\ No newline at end of file
+- org.apache.httpcomponents.core5:httpcore5:5.3.6
+- org.apache.httpcomponents.client5:httpclient5:5.5.1
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 6a08bbea9b..e9659b707c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -136,8 +136,8 @@ under the License.
         <mockito.version>3.4.6</mockito.version>
         <mockito-junit-jupiter.version>4.11.0</mockito-junit-jupiter.version>
         <okhttp.version>4.12.0</okhttp.version>
-        <apache.hc.core.version>5.3.3</apache.hc.core.version>
-        <apache.hc.client.version>5.4.2</apache.hc.client.version>
+        <apache.hc.core.version>5.3.6</apache.hc.core.version>
+        <apache.hc.client.version>5.5.1</apache.hc.client.version>
         <jaxb.api.version>2.3.1</jaxb.api.version>
         <findbugs.version>1.3.9</findbugs.version>
         <json-smart.version>2.5.2</json-smart.version>

Reply via email to