This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-3.0 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit d468a84f6a25c481f3791d32e88818a65c3e4dbd Author: Lari Hotari <[email protected]> AuthorDate: Mon Dec 22 10:06:46 2025 +0200 [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095) (cherry picked from commit 3fb52c5d7494d4020956b7a26db5e9e721c7d555) --- distribution/server/src/assemble/LICENSE.bin.txt | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 9832b30aec2..f21833913ae 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -260,7 +260,7 @@ The Apache Software License, Version 2.0 * Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-2.9.0.jar - * Bitbucket -- org.bitbucket.b_c-jose4j-0.9.4.jar + * Bitbucket -- org.bitbucket.b_c-jose4j-0.9.6.jar * Gson - com.google.code.gson-gson-2.13.2.jar - io.gsonfire-gson-fire-1.8.5.jar diff --git a/pom.xml b/pom.xml index 97fdad6f372..ced99189567 100644 --- a/pom.xml +++ b/pom.xml @@ -238,7 +238,7 @@ flexible messaging model and an intuitive client API.</description> <jakarta.validation.version>2.0.2</jakarta.validation.version> <jna.version>5.12.1</jna.version> <kubernetesclient.version>18.0.0</kubernetesclient.version> - <jose4j.version>0.9.4</jose4j.version> + <jose4j.version>0.9.6</jose4j.version> <okhttp3.version>4.9.3</okhttp3.version> <!-- use okio version that matches the okhttp3 version --> <okio.version>3.4.0</okio.version>
