This is an automated email from the ASF dual-hosted git repository.
yhu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git
The following commit(s) were added to refs/heads/master by this push:
new 9e3dd1a2c87 fix CVE-2024-57699 by pinning version (#37200)
9e3dd1a2c87 is described below
commit 9e3dd1a2c8701ee3ea38f49e65a80326188cb217
Author: Radosław Stankiewicz <[email protected]>
AuthorDate: Tue Dec 30 22:43:09 2025 +0100
fix CVE-2024-57699 by pinning version (#37200)
---
sdks/java/io/iceberg/hive/build.gradle | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sdks/java/io/iceberg/hive/build.gradle
b/sdks/java/io/iceberg/hive/build.gradle
index b0c2ac64918..11c8118b4bc 100644
--- a/sdks/java/io/iceberg/hive/build.gradle
+++ b/sdks/java/io/iceberg/hive/build.gradle
@@ -57,6 +57,8 @@ dependencies {
}
// add manually higher version to resolve CVE-2025-59250
runtimeOnly ("com.microsoft.sqlserver:mssql-jdbc:12.2.0.jre11")
+ // resolve CVE-2024-57699
+ runtimeOnly("net.minidev:json-smart:2.5.2")
runtimeOnly ("org.apache.hbase:hbase-client:$hbase_version")
runtimeOnly ("org.apache.calcite.avatica:avatica-core:$avatica_version")
// these exlusions were inherit from hive-exec-3.1.3.pom
