This is an automated email from the ASF dual-hosted git repository.
chia7712 pushed a commit to branch 3.9
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/3.9 by this push:
new 0757155165c MINOR: Upgrade jersey libraries to address CVE-2025-12383
(#21395)
0757155165c is described below
commit 0757155165cdfb74bf8eaad3defb8464d35de096
Author: Oleksandr Luzhniy <[email protected]>
AuthorDate: Fri Feb 6 02:02:42 2026 +0200
MINOR: Upgrade jersey libraries to address CVE-2025-12383 (#21395)
This PR upgrades the `jersey` library family from 2.39.1 to 2.46 to address
[CVE-2025-12383](https://github.com/advisories/GHSA-7p63-w6x9-6gr7).
Note: while 2.39.1 is not listed as vulnerable, security scanners may still
alert on it as vulnerable.
Reviewers: PoAn Yang <[email protected]>, Gaurav Narula
<[email protected]>, Chia-Ping Tsai <[email protected]>
---
LICENSE-binary | 12 ++++++------
gradle/dependencies.gradle | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 6ed94bac7cc..985f63d1985 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -297,12 +297,12 @@ hk2-utils-2.6.1
osgi-resource-locator-1.0.3
aopalliance-repackaged-2.6.1
jakarta.inject-2.6.1
-jersey-client-2.39.1
-jersey-common-2.39.1
-jersey-container-servlet-2.39.1
-jersey-container-servlet-core-2.39.1
-jersey-hk2-2.39.1
-jersey-server-2.39.1
+jersey-client-2.47
+jersey-common-2.47
+jersey-container-servlet-2.47
+jersey-container-servlet-core-2.47
+jersey-hk2-2.47
+jersey-server-2.47
---------------------------------------
CDDL 1.1 + GPLv2 with classpath exception
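Review bot: the unchanged context entries just above the jersey lines (hk2-utils-2.6.1, aopalliance-repackaged-2.6.1, jakarta.inject-2.6.1) stay at their old versions while all six jersey entries move to 2.47. jersey-hk2 depends on hk2, so please confirm against the resolved runtime classpath of the release artifact that 2.47 does not bring in newer hk2 or other bundled versions; otherwise LICENSE-binary will no longer match what actually ships.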
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 6cd3cf7f9f1..f2e80cc1a9a 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -101,7 +101,7 @@ versions += [
jacoco: "0.8.10",
javassist: "3.29.2-GA",
jetty: "9.4.57.v20241219",
- jersey: "2.39.1",
+ jersey: "2.47",
jline: "3.25.1",
jmh: "1.37",
hamcrest: "2.2",
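Review bot: the `jersey` value pinned here is "2.47", but the commit message describes the upgrade as 2.39.1 to 2.46. Please make the description match the version actually pinned, and state which jersey release carries the fix for CVE-2025-12383. The message also says 2.39.1 is not listed as vulnerable, so anyone auditing the 3.9 branch needs to be able to tell whether this is a real fix or a bump to quiet scanners.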