This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.1 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 02a3bc3336dd591d1b4e589906f72ee773294681
Author: guptas6est <[email protected]>
AuthorDate: Mon Nov 3 15:57:04 2025 +0000
[fix][sec] Override kafka-clients in kinesis-kpl-shaded to remediate CVE-2024-31141 and CVE-2025-27817 (#24935)
(cherry picked from commit 8cb1040336e8a397ff60220842102c99f712348b)
---
 pulsar-io/kinesis-kpl-shaded/pom.xml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pulsar-io/kinesis-kpl-shaded/pom.xml b/pulsar-io/kinesis-kpl-shaded/pom.xml
index d770c5bba27..6d1e7ccda5f 100644
--- a/pulsar-io/kinesis-kpl-shaded/pom.xml
+++ b/pulsar-io/kinesis-kpl-shaded/pom.xml
@@ -53,6 +53,12 @@
 <type>pom</type>
 <scope>import</scope>
 </dependency>
+ <!-- enforce kafka client version that gets pulled transitively -->
+ <dependency>
+ <groupId>org.apache.kafka</groupId>
+ <artifactId>kafka-clients</artifactId>
+ <version>${kafka-client.version}</version>
+ </dependency>
 </dependencies>
 </dependencyManagement>
 <dependencies>
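Review bot: The added comment in the `dependencyManagement` hunk says what the entry does but not why, so a later cleanup could drop the pin without realising it is a security remediation; I would word it as `<!-- pin transitively pulled kafka-clients; remediates CVE-2024-31141 and CVE-2025-27817 -->`. `${kafka-client.version}` is defined outside this hunk, so the diff alone does not show that the resolved version contains both fixes, or that the property resolves as intended on branch-4.1 after the cherry-pick. Because this module shades its dependencies, it is worth confirming with `mvn dependency:tree -Dincludes=org.apache.kafka:kafka-clients` and by inspecting the shaded jar that only the managed version ends up bundled.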
