lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 3fb52c5d749 [fix][sec] Upgrade jose4j to 0.9.6 to address
CVE-2024-29371 (#25095)
3fb52c5d749 is described below
commit 3fb52c5d7494d4020956b7a26db5e9e721c7d555
Author: Lari Hotari <[email protected]>
AuthorDate: Mon Dec 22 10:06:46 2025 +0200
[fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095)
---
distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt
b/distribution/server/src/assemble/LICENSE.bin.txt
index 3154f23ffb0..bf3fef28c0e 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -264,7 +264,7 @@ The Apache Software License, Version 2.0
* Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar
* Fastutil -- it.unimi.dsi-fastutil-8.5.16.jar
* Proto Google Common Protos --
com.google.api.grpc-proto-google-common-protos-2.59.2.jar
- * Bitbucket -- org.bitbucket.b_c-jose4j-0.9.4.jar
+ * Bitbucket -- org.bitbucket.b_c-jose4j-0.9.6.jar
* Gson
- com.google.code.gson-gson-2.13.2.jar
- io.gsonfire-gson-fire-1.9.0.jar
diff --git a/pom.xml b/pom.xml
index a88767dcfd3..eaf9a1ae879 100644
--- a/pom.xml
+++ b/pom.xml
@@ -284,7 +284,7 @@ flexible messaging model and an intuitive client
API.</description>
<jakarta.validation.version>2.0.2</jakarta.validation.version>
<jna.version>5.12.1</jna.version>
<kubernetesclient.version>23.0.0</kubernetesclient.version>
- <jose4j.version>0.9.4</jose4j.version>
+ <jose4j.version>0.9.6</jose4j.version>
<okhttp3.version>5.3.1</okhttp3.version>
<!-- use okio version that matches the okhttp3 version -->
<okio.version>3.16.3</okio.version>