(hbase) branch branch-3 updated: HBASE-29318 Bump jruby to 9.4.12.1 to fix jruby-openssl CVEs (#6997) (#7039)

Thu, 29 May 2025 03:37:15 -0700 

This is an automated email from the ASF dual-hosted git repository.

nihaljain pushed a commit to branch branch-3
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-3 by this push:
     new 9fa6c376d62 HBASE-29318 Bump jruby to 9.4.12.1 to fix jruby-openssl 
CVEs (#6997) (#7039)
9fa6c376d62 is described below

commit 9fa6c376d62d221860aedd009d188588e575eee9
Author: Nihal Jain <[email protected]>
AuthorDate: Thu May 29 16:07:04 2025 +0530

    HBASE-29318 Bump jruby to 9.4.12.1 to fix jruby-openssl CVEs (#6997) (#7039)
    
    - Drops moderate jruby-openssl CVE: CVE-2025-46551 and GHSA-72qj-48g4-5xgx  
from our classpath.
    - Also fixes performance problem in IRB where pasting clipboard content is 
extremely slow.
    
    Signed-off-by: Duo Zhang <[email protected]>
    Signed-off-by: Pankaj <[email protected]>
    Signed-off-by: Tak Lon (Stephen) Wu <[email protected]>
    Reviewed-by: Junegunn Choi <[email protected]>
    
    (cherry picked from commit ecaa9481ba785ef3e1b6663cbb737fd04e720ff7)
---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index d224c32439c..506f074b569 100644
--- a/pom.xml
+++ b/pom.xml
@@ -842,7 +842,7 @@
     <servlet.api.version>3.1.0</servlet.api.version>
     <wx.rs.api.version>2.1.1</wx.rs.api.version>
     <tomcat.jasper.version>9.0.104</tomcat.jasper.version>
-    <jruby.version>9.4.9.0</jruby.version>
+    <jruby.version>9.4.12.1</jruby.version>
     <junit.version>4.13.2</junit.version>
     <hamcrest.version>1.3</hamcrest.version>
     <opentelemetry.version>1.49.0</opentelemetry.version>
@@ -866,8 +866,8 @@
     <jamon-runtime.version>2.4.1</jamon-runtime.version>
     <jettison.version>1.5.4</jettison.version>
     <!--Make sure these joni/jcodings are compatible with the versions used by 
jruby-->
-    <joni.version>2.2.1</joni.version>
-    <jcodings.version>1.0.58</jcodings.version>
+    <joni.version>2.2.3</joni.version>
+    <jcodings.version>1.0.61</jcodings.version>
     <spy.version>2.12.3</spy.version>
     <bouncycastle.version>1.78</bouncycastle.version>
     <skyscreamer.version>1.5.1</skyscreamer.version>

Reply via email to