This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 702c73cb5e0 [fix][misc] Upgrade dependencies to fix critical security
vulnerabilities (#24532)
702c73cb5e0 is described below
commit 702c73cb5e0a8aea45e4367b3a974366971ca822
Author: Penghui Li <[email protected]>
AuthorDate: Thu Jul 17 21:28:25 2025 -0700
[fix][misc] Upgrade dependencies to fix critical security vulnerabilities
(#24532)
Co-authored-by: Claude <[email protected]>
---
pom.xml | 8 ++++----
pulsar-io/alluxio/pom.xml | 2 +-
pulsar-io/azure-data-explorer/pom.xml | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/pom.xml b/pom.xml
index 8598c4791d9..652a74b08ef 100644
--- a/pom.xml
+++ b/pom.xml
@@ -222,14 +222,14 @@ flexible messaging model and an intuitive client
API.</description>
<hbc-core.version>2.2.0</hbc-core.version>
<cassandra.version>3.11.2</cassandra.version>
<aerospike-client.version>4.5.0</aerospike-client.version>
- <kafka-client.version>3.8.1</kafka-client.version>
+ <kafka-client.version>3.9.0</kafka-client.version>
<rabbitmq-client.version>5.18.0</rabbitmq-client.version>
<aws-sdk.version>1.12.638</aws-sdk.version>
<avro.version>1.11.4</avro.version>
<joda.version>2.10.10</joda.version>
<jclouds.version>2.6.0</jclouds.version>
<guice.version>5.1.0</guice.version>
- <sqlite-jdbc.version>3.42.0.0</sqlite-jdbc.version>
+ <sqlite-jdbc.version>3.47.1.0</sqlite-jdbc.version>
<mysql-jdbc.version>8.0.11</mysql-jdbc.version>
<postgresql-jdbc.version>42.5.5</postgresql-jdbc.version>
<clickhouse-jdbc.version>0.4.6</clickhouse-jdbc.version>
@@ -237,10 +237,10 @@ flexible messaging model and an intuitive client
API.</description>
<openmldb-jdbc.version>0.4.4-hotfix1</openmldb-jdbc.version>
<json-smart.version>2.5.2</json-smart.version>
<opensearch.version>2.16.0</opensearch.version>
- <elasticsearch-java.version>8.12.1</elasticsearch-java.version>
+ <elasticsearch-java.version>8.15.3</elasticsearch-java.version>
<debezium.version>1.9.7.Final</debezium.version>
<debezium.postgresql.version>42.5.5</debezium.postgresql.version>
- <debezium.mysql.version>8.0.30</debezium.mysql.version>
+ <debezium.mysql.version>8.0.33</debezium.mysql.version>
<!-- Override version that brings CVE-2022-3143 with debezium -->
<wildfly-elytron.version>1.15.16.Final</wildfly-elytron.version>
<jsonwebtoken.version>0.11.1</jsonwebtoken.version>
diff --git a/pulsar-io/alluxio/pom.xml b/pulsar-io/alluxio/pom.xml
index 38ff0fbb1ba..913a5efbec2 100644
--- a/pulsar-io/alluxio/pom.xml
+++ b/pulsar-io/alluxio/pom.xml
@@ -29,7 +29,7 @@
</parent>
<properties>
- <alluxio.version>2.9.3</alluxio.version>
+ <alluxio.version>2.9.4</alluxio.version>
<metrics.version>4.1.11</metrics.version>
<grpc.version>1.37.0</grpc.version>
<netty.version>4.1.100.Final</netty.version>
diff --git a/pulsar-io/azure-data-explorer/pom.xml
b/pulsar-io/azure-data-explorer/pom.xml
index b85309f985e..16a9a819c46 100644
--- a/pulsar-io/azure-data-explorer/pom.xml
+++ b/pulsar-io/azure-data-explorer/pom.xml
@@ -32,7 +32,7 @@
<name>Pulsar IO :: AzureDataExplorer</name>
<properties>
- <kusto.sdk.version>5.0.4</kusto.sdk.version>
+ <kusto.sdk.version>5.2.0</kusto.sdk.version>
</properties>
<dependencies>
<dependency>
