This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new fefe771133f [fix][sec] Override commons-beanutils and
commons-configuration2 to remediate CVEs (#24936)
fefe771133f is described below
commit fefe771133fe0dad6412a54a2eefc5e141ca13f5
Author: guptas6est <[email protected]>
AuthorDate: Mon Nov 3 17:51:39 2025 +0000
[fix][sec] Override commons-beanutils and commons-configuration2 to
remediate CVEs (#24936)
---
pom.xml | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/pom.xml b/pom.xml
index a57ffdab389..24d9a2d4372 100644
--- a/pom.xml
+++ b/pom.xml
@@ -369,6 +369,9 @@ flexible messaging model and an intuitive client
API.</description>
<extra-enforcer-rules.version>1.6.1</extra-enforcer-rules.version>
<oshi.version>6.4.0</oshi.version>
<checkerframework.version>3.33.0</checkerframework.version>
+
+ <commons-beanutils.version>1.11.0</commons-beanutils.version>
+ <commons-configuration2.version>2.12.0</commons-configuration2.version>
</properties>
<dependencyManagement>
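Review bot: The two properties added after `checkerframework.version` have no comment saying they exist only to force patched versions of transitive dependencies, so a later cleanup cannot tell whether they are still needed or safe to drop. I would add a comment above them such as `<!-- Security override of transitive dependencies (see #24936); remove once the upstream dependencies ship these versions or newer -->`. The same comment belongs above the two `<dependency>` entries added in the dependencyManagement hunk. The commit message says "remediate CVEs" without naming them; recording the advisory ids in the message or the comment would make the fix auditable.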
@@ -1736,6 +1739,16 @@ flexible messaging model and an intuitive client
API.</description>
<artifactId>opentelemetry-semconv</artifactId>
<version>${opentelemetry.semconv.version}</version>
</dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>${commons-beanutils.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-configuration2</artifactId>
+ <version>${commons-configuration2.version}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
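Review bot: These two `dependencyManagement` entries only change the version Maven resolves for modules that inherit this POM, so the override should be confirmed on the resolved dependency tree rather than assumed. They do not reach copies that are shaded or bundled inside other artifacts, or plugin classpaths. Running `mvn dependency:tree -Dincludes=commons-beanutils:commons-beanutils,org.apache.commons:commons-configuration2` over the modules shows whether any path still resolves an older version. The diffstat shows only `pom.xml` changed, so if the distribution keeps license or bundled-jar listings that record these versions, they would presumably need updating in the same change. An enforcer `bannedDependencies` rule excluding the older versions would stop the fix from regressing silently when a dependency is later upgraded.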