This is an automated email from the ASF dual-hosted git repository.
yhu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git
The following commit(s) were added to refs/heads/master by this push:
new 4eff1798314 fix CVE-2025-59250 (#36800)
4eff1798314 is described below
commit 4eff1798314e7530bf3179e28d9dc865848923a4
Author: Radosław Stankiewicz <[email protected]>
AuthorDate: Wed Nov 12 16:16:27 2025 +0100
fix CVE-2025-59250 (#36800)
---
sdks/java/io/iceberg/hive/build.gradle | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sdks/java/io/iceberg/hive/build.gradle
b/sdks/java/io/iceberg/hive/build.gradle
index 723036fb118..b0c2ac64918 100644
--- a/sdks/java/io/iceberg/hive/build.gradle
+++ b/sdks/java/io/iceberg/hive/build.gradle
@@ -48,8 +48,15 @@ dependencies {
// old calcite vulnerabilities
exclude group: "org.apache.calcite", module: "calcite-core"
exclude group: "org.apache.calcite", module: "calcite-druid"
+ // old mssql vulnerabilities CVE-2025-59250
+ exclude group: "com.microsoft.sqlserver", module: "mssql-jdbc"
}
- runtimeOnly
("org.apache.hadoop:hadoop-yarn-server-resourcemanager:$hadoop_version")
+ runtimeOnly
("org.apache.hadoop:hadoop-yarn-server-resourcemanager:$hadoop_version") {
+ // old mssql vulnerabilities CVE-2025-59250
+ exclude group: "com.microsoft.sqlserver", module: "mssql-jdbc"
+ }
+ // add manually higher version to resolve CVE-2025-59250
+ runtimeOnly ("com.microsoft.sqlserver:mssql-jdbc:12.2.0.jre11")
runtimeOnly ("org.apache.hbase:hbase-client:$hbase_version")
runtimeOnly ("org.apache.calcite.avatica:avatica-core:$avatica_version")
// these exlusions were inherit from hive-exec-3.1.3.pom
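Review bot: Nothing in the hunk shows that the pin `runtimeOnly ("com.microsoft.sqlserver:mssql-jdbc:12.2.0.jre11")` is a release containing the CVE-2025-59250 fix, so please confirm it against the vendor advisory for that release line and record the minimum patched version in the comment, e.g. `// CVE-2025-59250: requires mssql-jdbc >= <FIXED_VERSION> (see vendor advisory)`. The two added `exclude` lines only cover the dependencies they are attached to, so any other `runtimeOnly` entry that brings in mssql-jdbc transitively would rely on Gradle's default conflict resolution to select the pinned version. A dependency constraint, or a check of the resolved `runtimeClasspath` in CI, would make that guarantee explicit. The literal version string also departs from the `$hadoop_version` / `$hbase_version` variables used on the neighbouring lines, which makes the next bump easy to miss. The `dependencies` block starts and ends outside the hunk.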