This is an automated email from the ASF dual-hosted git repository.
feiwang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new 0b1b2f20fa [KYUUBI #7266] Upgrade jersey version to 2.47
0b1b2f20fa is described below
commit 0b1b2f20fa8a8618c0d35c12de5752d28215c762
Author: Wang, Fei <[email protected]>
AuthorDate: Wed Dec 10 09:57:53 2025 -0800
[KYUUBI #7266] Upgrade jersey version to 2.47
### Why are the changes needed?
Upgrade jersey version to 2.47 to fix CVE-2025-12383
### How was this patch tested?
GA.
### Was this patch authored or co-authored using generative AI tooling?
No.
Closes #7266 from turboFei/jersey.
Closes #7266
aaffb2870 [Wang, Fei] Upgrade jersey version to 2.47 to fix CVE-2025-12383
Authored-by: Wang, Fei <[email protected]>
Signed-off-by: Wang, Fei <[email protected]>
---
dev/dependencyList | 16 ++++++++--------
pom.xml | 2 +-
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/dev/dependencyList b/dev/dependencyList
index ed2e5798fc..b2fd446db5 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -74,14 +74,14 @@ jakarta.xml.bind-api/2.3.2//jakarta.xml.bind-api-2.3.2.jar
javassist/3.25.0-GA//javassist-3.25.0-GA.jar
javax.servlet-api/4.0.1//javax.servlet-api-4.0.1.jar
jcl-over-slf4j/1.7.36//jcl-over-slf4j-1.7.36.jar
-jersey-client/2.40//jersey-client-2.40.jar
-jersey-common/2.40//jersey-common-2.40.jar
-jersey-container-servlet-core/2.40//jersey-container-servlet-core-2.40.jar
-jersey-entity-filtering/2.40//jersey-entity-filtering-2.40.jar
-jersey-hk2/2.40//jersey-hk2-2.40.jar
-jersey-media-json-jackson/2.40//jersey-media-json-jackson-2.40.jar
-jersey-media-multipart/2.40//jersey-media-multipart-2.40.jar
-jersey-server/2.40//jersey-server-2.40.jar
+jersey-client/2.47//jersey-client-2.47.jar
+jersey-common/2.47//jersey-common-2.47.jar
+jersey-container-servlet-core/2.47//jersey-container-servlet-core-2.47.jar
+jersey-entity-filtering/2.47//jersey-entity-filtering-2.47.jar
+jersey-hk2/2.47//jersey-hk2-2.47.jar
+jersey-media-json-jackson/2.47//jersey-media-json-jackson-2.47.jar
+jersey-media-multipart/2.47//jersey-media-multipart-2.47.jar
+jersey-server/2.47//jersey-server-2.47.jar
jetcd-api/0.7.7//jetcd-api-0.7.7.jar
jetcd-common/0.7.7//jetcd-common-0.7.7.jar
jetcd-core/0.7.7//jetcd-core-0.7.7.jar
diff --git a/pom.xml b/pom.xml
index 7b59545d35..8ed953fde9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -170,7 +170,7 @@
<jakarta.servlet-api.version>5.0.0</jakarta.servlet-api.version>
<jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>
<jakarta.activation.version>1.2.2</jakarta.activation.version>
- <jersey.version>2.40</jersey.version>
+ <jersey.version>2.47</jersey.version>
<jetcd.version>0.7.7</jetcd.version>
<jetty.version>9.4.57.v20241219</jetty.version>
<jline.version>2.14.6</jline.version>
