athirakm94 opened a new pull request, #6799:
URL: https://github.com/apache/incubator-kie-drools/pull/6799
**Summary**
upgrade parsson from 1.1.7 to 1.1.8 to remediate CVE
Bump version.jakarta.json from 1.1.7 to 1.1.8 in kie-parent/pom.xml.
parsson 1.1.7 is pulled in transitively via:
quarkus-core → jboss-logmanager-3.2.1.Final → parsson-1.1.7
The inherited dependencyManagement entry in kie-parent takes precedence
over the parsson 1.1.7 pin in quarkus-bom-3.27.4.1, so this single
version bump is sufficient to enforce 1.1.8 across all modules including
Quarkus extension modules.
**CVE Remediated:**
[High] CVE-2026-9563
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]