This is an automated email from the ASF dual-hosted git repository.

yesamer pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-drools.git


The following commit(s) were added to refs/heads/main by this push:
     new 5eb2d69d81 [CVE][Medium] CVE-2026-45292 opentelemetry-api-1.44.1.jar 
(#6744)
5eb2d69d81 is described below

commit 5eb2d69d81ce51a6896047e43d9e0fc6d79a6058
Author: Deepak Joseph <[email protected]>
AuthorDate: Thu Jun 4 16:02:51 2026 +0530

    [CVE][Medium] CVE-2026-45292 opentelemetry-api-1.44.1.jar (#6744)
    
    * CVE Fix
    
    * Moved to diff section
    
    * Update
    
    * Update
    
    * Update
---
 kie-parent/pom.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/kie-parent/pom.xml b/kie-parent/pom.xml
index e4017a4a4c..df1d2dff7e 100644
--- a/kie-parent/pom.xml
+++ b/kie-parent/pom.xml
@@ -148,6 +148,7 @@
     <version.io.micrometer>1.16.4</version.io.micrometer>
     <version.io.netty>4.1.132.Final</version.io.netty>
     <version.io.opentelemetry>1.0.0-alpha</version.io.opentelemetry>
+    <version.io.opentelemetry-api>1.62.0</version.io.opentelemetry-api>
     <version.io.rest-assured>5.5.6</version.io.rest-assured>
     <version.io.smallrye-config>3.13.4</version.io.smallrye-config>
     <version.io.smallrye-health>4.2.0</version.io.smallrye-health>
@@ -927,6 +928,15 @@
         <artifactId>netty-transport-udt</artifactId>
         <version>${version.io.netty}</version>
       </dependency>
+      <!-- Version overrides to fix vulnerabilities. -->
+      <!-- Quarkus 3.27.3 transitively imports io.opentelemetry:opentelemetry-api:1.44.1 -->
+      <!-- CVE: https://github.com/open-telemetry/opentelemetry-java/security/advisories/GHSA-rcgg-9c38-7xpx -->
+      <dependency>
+        <groupId>io.opentelemetry</groupId>
+        <artifactId>opentelemetry-api</artifactId>
+        <version>${version.io.opentelemetry-api}</version>
+      </dependency>
+      <!-- Version overrides to fix vulnerabilities - end -->
       <dependency>
         <groupId>io.opentelemetry.proto</groupId>
         <artifactId>opentelemetry-proto</artifactId>
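Review bot: The new override pins only `opentelemetry-api` to `${version.io.opentelemetry-api}` (1.62.0), while its comment says Quarkus 3.27.3 brings in 1.44.1. If the Quarkus BOM also manages sibling artifacts such as `opentelemetry-context` or `opentelemetry-sdk` (not visible in this hunk), they would stay on the older version and run against a much newer API jar. It is worth confirming with `mvn dependency:tree` that the resolved OpenTelemetry artifacts are on consistent versions, or managing the whole family by importing the upstream `opentelemetry-bom` at the same version. The comment block should also carry the identifier from the commit title and an exit condition, for example `<!-- CVE-2026-45292: remove once the Quarkus BOM manages a fixed opentelemetry-api -->`, so the pin is not left behind after a later Quarkus upgrade. The enclosing section (presumably `dependencyManagement`) starts and ends outside the hunk.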

