This is an automated email from the ASF dual-hosted git repository.
chia7712 pushed a commit to branch 3.9
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/3.9 by this push:
new 506ff18e888 KAFKA-20042 Upgraded Jose4J to 0.9.6 to remediate
CVE-2024-29371 (#21255)
506ff18e888 is described below
commit 506ff18e8887cf9610489f56f643a081d015394e
Author: shub-est <[email protected]>
AuthorDate: Thu Jan 8 19:18:43 2026 +0000
KAFKA-20042 Upgraded Jose4J to 0.9.6 to remediate CVE-2024-29371 (#21255)
Upgraded Jose4J from 0.9.4 to 0.9.6 to remediate CVE-2024-29371
Reviewers: Shicheng Rao <[email protected]>,
Chia-Ping Tsai <[email protected]>
---
LICENSE-binary | 2 +-
gradle/dependencies.gradle | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index b9cf1251f62..6ed94bac7cc 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -239,7 +239,7 @@ jetty-servlet-9.4.57.v20241219
jetty-servlets-9.4.57.v20241219
jetty-util-9.4.57.v20241219
jetty-util-ajax-9.4.57.v20241219
-jose4j-0.9.4
+jose4j-0.9.6
lz4-java-1.10.1
maven-artifact-3.9.6
metrics-core-4.1.12.1
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 916092d8188..6cd3cf7f9f1 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -111,7 +111,7 @@ versions += [
jaxrs: "2.1.1",
jfreechart: "1.0.0",
jopt: "5.0.4",
- jose4j: "0.9.4",
+ jose4j: "0.9.6",
junit: "5.10.2",
jqwik: "1.8.3",
kafka_0100: "0.10.0.1",
