tzimanyi pushed a commit to branch main
in repository
https://gitbox.apache.org/repos/asf/incubator-kie-kogito-runtimes.git
The following commit(s) were added to refs/heads/main by this push:
new 3b62b885c9 [CVE][incubator-kie-issues#2192] Upgrade lz4-java to 1.8.1
3b62b885c9 is described below
commit 3b62b885c98473cd48fde591fdc7be7a9af2dee7
Author: Deepak Joseph <[email protected]>
AuthorDate: Thu Dec 18 17:05:06 2025 +0530
[CVE][incubator-kie-issues#2192] Upgrade lz4-java to 1.8.1
---
kogito-build/kogito-dependencies-bom/pom.xml | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/kogito-build/kogito-dependencies-bom/pom.xml
b/kogito-build/kogito-dependencies-bom/pom.xml
index 7167047c0a..88e0426501 100644
--- a/kogito-build/kogito-dependencies-bom/pom.xml
+++ b/kogito-build/kogito-dependencies-bom/pom.xml
@@ -169,18 +169,23 @@
<version.apache.commons.commons-compress>1.27.1</version.apache.commons.commons-compress>
<version.tomcat.embed.core>10.1.48</version.tomcat.embed.core>
+ <version.org.lz4.java>1.8.1</version.org.lz4.java>
</properties>
<dependencyManagement>
<dependencies>
- <!-- These versions are overrides for transitive dependencies, to fix
security vulnerabilities.
- They need to be checked with Quarkus and Spring Boot upgrades and
eventually removed, if they are not needed anymore. -->
+ <!-- These versions are overrides for transitive dependencies, to fix
security vulnerabilities. -->
<dependency>
<groupId>org.eclipse.angus</groupId>
<artifactId>angus-mail</artifactId>
<version>${version.angus.mail}</version>
</dependency>
+ <dependency>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${version.org.lz4.java}</version>
+ </dependency>
<!-- End of various transitive overrides. -->
<!-- Not directly used, but used to override transitive versions of
Spring dependencies dependencies to fix vulnerabilities -->
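Review bot: The new `org.lz4:lz4-java` entry added under "overrides for transitive dependencies" has no comment saying which advisory it addresses, and the same hunk drops the sentence reminding maintainers to re-check these overrides on Quarkus and Spring Boot upgrades. A version pinned in `dependencyManagement` keeps winning after the upstream BOMs move to a newer release, so a forgotten security override can later hold consumers on an older, vulnerable version. I would keep the removed reminder and add a comment above the new entry, for example `<!-- lz4-java: override for incubator-kie-issues#2192; remove once the Quarkus/Spring Boot BOMs manage 1.8.1 or later -->`. It is also worth running `mvn dependency:tree -Dincludes=org.lz4` in a consuming module to confirm that 1.8.1 is what resolves, because the override applies only to this exact groupId/artifactId pair.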
@@ -1010,7 +1015,7 @@
<groupId>org.apache.maven</groupId>
<artifactId>maven-project</artifactId>
<version>${version.maven.project}</version>
- </dependency>
+ </dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-core</artifactId>
@@ -1101,13 +1106,13 @@
<artifactId>swagger-parser</artifactId>
<version>${version.io.swagger.parser.v3}</version>
</dependency>
-
+
<dependency>
<groupId>io.swagger.core.v3</groupId>
<artifactId>swagger-model</artifactId>
<version>${version.io.swagger.core.v3}</version>
</dependency>
-
+
<dependency>
<groupId>io.swagger.core.v3</groupId>
<artifactId>swagger-core</artifactId>
@@ -1235,7 +1240,7 @@
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</exclusion>
- </exclusions>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>