This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.1 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit c6978260e12b54b01f81e95ee6d276a77ac08a3b Author: guptas6est <[email protected]> AuthorDate: Mon Nov 3 17:51:39 2025 +0000 [fix][sec] Override commons-beanutils and commons-configuration2 to remediate CVEs (#24936) (cherry picked from commit fefe771133fe0dad6412a54a2eefc5e141ca13f5)
---
 pom.xml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/pom.xml b/pom.xml
index b785ac3b1fc..0e161c00cd0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -369,6 +369,9 @@ flexible messaging model and an intuitive client API.</description>
 <extra-enforcer-rules.version>1.6.1</extra-enforcer-rules.version>
 <oshi.version>6.4.0</oshi.version>
 <checkerframework.version>3.33.0</checkerframework.version>
+
+ <commons-beanutils.version>1.11.0</commons-beanutils.version>
+ <commons-configuration2.version>2.12.0</commons-configuration2.version>
 </properties>
 <dependencyManagement>
@@ -1736,6 +1739,16 @@ flexible messaging model and an intuitive client API.</description>
 <artifactId>opentelemetry-semconv</artifactId>
 <version>${opentelemetry.semconv.version}</version>
 </dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>${commons-beanutils.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-configuration2</artifactId>
+ <version>${commons-configuration2.version}</version>
+ </dependency>
 </dependencies>
 </dependencyManagement>
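Review bot: The new `commons-beanutils.version` and `commons-configuration2.version` properties in the first hunk carry no comment saying that they exist only to override transitively resolved versions for a security fix. Without that, a later cleanup may drop them as unused, or leave them stale once the dependencies that pull these artifacts in ship fixed versions themselves. A comment above them such as `<!-- Overrides transitive versions to remediate CVEs (#24936); remove once the upstream dependencies ship fixed versions -->` would record the intent. The `<properties>` block starts outside the hunk.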
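Review bot: The `dependencyManagement` entries added in the second hunk only take effect where a module resolves these artifacts through this parent POM, and nothing in the hunk checks that the build actually ends up on the pinned versions. A module that declares its own `<version>`, or a dependency that bundles a shaded copy, would presumably keep the older release. Running `mvn dependency:tree -Dincludes=commons-beanutils:commons-beanutils,org.apache.commons:commons-configuration2` across the reactor would confirm the resolved versions. A `bannedDependencies` enforcer rule excluding versions below the pinned ones would keep the override from regressing silently. The `<dependencyManagement>` block starts outside the hunk.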
