This is an automated email from the ASF dual-hosted git repository.
jerryshao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new da19025b73 [#11081] improvement(deps): Upgrade Jettison from 1.1 to
1.5.4 (#11082)
da19025b73 is described below
commit da19025b73f50cfe084da95ccc75b1f1cd54f90a
Author: geyanggang <[email protected]>
AuthorDate: Mon May 18 11:35:39 2026 +0800
[#11081] improvement(deps): Upgrade Jettison from 1.1 to 1.5.4 (#11082)
### What changes were proposed in this pull request?
Upgrade Jettison from 1.1 to 1.5.4 in `gradle/libs.versions.toml`.
### Why are the changes needed?
Jettison 1.1 (from 2007) has multiple known DoS vulnerabilities
including stack overflow, memory exhaustion, and infinite recursion.
Version 1.5.4 fixes all known issues while maintaining API backward
compatibility.
Fix: #11081
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
- Compilation passes for all three authorization modules
- `./gradlew :authorizations:authorization-common:test
:authorizations:authorization-chain:test
:authorizations:authorization-ranger:test -PskipITs` — all unit tests
pass
- Integration tests to be verified by CI
---
gradle/libs.versions.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index d206525a61..72884f0fff 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -124,7 +124,7 @@ error-prone = "3.1.0"
woodstox-core = "5.3.0"
mail = "1.4.1"
rome = "1.0"
-jettison = "1.1"
+jettison = "1.5.4"
thrift = "0.12.0"
derby = "10.14.2.0"
datanucleus-core = "4.1.17"
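Review bot: the changed line `jettison = "1.5.4"` only updates the catalog value, and the test plan above (compilation plus unit tests with `-PskipITs`) does not establish which Jettison version each module actually resolves at runtime. Since the motivation is a security fix, it would help to record the resolved version for the three authorization modules, for example with `./gradlew :authorizations:authorization-ranger:dependencyInsight --dependency jettison --configuration runtimeClasspath`, and confirm that no 1.1 artifact is still pulled in by a module that does not use this catalog entry. The commit message refers to "multiple known DoS vulnerabilities" without identifiers. Listing the advisory IDs there, or in a comment next to this entry, would let later readers check why 1.5.4 is the floor before changing it.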