This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch branch-4.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit 37400971d279bd46b49eb85a78ab3e756e4b20eb
Author: guptas6est <[email protected]>
AuthorDate: Mon Nov 3 17:51:39 2025 +0000

    [fix][sec] Override commons-beanutils and commons-configuration2 to 
remediate CVEs (#24936)
    
    (cherry picked from commit fefe771133fe0dad6412a54a2eefc5e141ca13f5)
---
 pom.xml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/pom.xml b/pom.xml
index 000ab73c241..508bd342ebc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -366,6 +366,9 @@ flexible messaging model and an intuitive client 
API.</description>
     <extra-enforcer-rules.version>1.6.1</extra-enforcer-rules.version>
     <oshi.version>6.4.0</oshi.version>
     <checkerframework.version>3.33.0</checkerframework.version>
+
+    <commons-beanutils.version>1.11.0</commons-beanutils.version>
+    <commons-configuration2.version>2.12.0</commons-configuration2.version>
   </properties>
 
   <dependencyManagement>
@@ -1727,6 +1730,16 @@ flexible messaging model and an intuitive client 
API.</description>
         <artifactId>opentelemetry-semconv</artifactId>
         <version>${opentelemetry.semconv.version}</version>
       </dependency>
+      <dependency>
+        <groupId>commons-beanutils</groupId>
+        <artifactId>commons-beanutils</artifactId>
+        <version>${commons-beanutils.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-configuration2</artifactId>
+        <version>${commons-configuration2.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
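Review bot: The two new `dependencyManagement` entries pin versions without any comment saying they are security overrides of transitive dependencies, so a later cleanup could drop or downgrade them unnoticed. A comment such as `<!-- security override: pins transitive commons-beanutils / commons-configuration2 to remediate CVEs, see #24936 -->` above the first added `<dependency>`, and above the two properties in the first hunk, would record the intent. A managed version only governs modules that inherit this section, and the hunk does not show whether every module and shaded artifact does. It is worth confirming the resolved versions with `mvn dependency:tree -Dincludes=commons-beanutils,org.apache.commons:commons-configuration2`. Since the properties block already carries `extra-enforcer-rules.version`, an enforcer `bannedDependencies` rule excluding versions below the pinned ones would turn the override into a build-time check.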
