This is an automated email from the ASF dual-hosted git repository.

chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git


The following commit(s) were added to refs/heads/master by this push:
     new f3199219bd [KYUUBI #7331] Bump org.apache.logging.log4j:log4j-core 
from 2.24.3 to 2.25.3
f3199219bd is described below

commit f3199219bd8439c571c11e797170ec134b62db05
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Mon Mar 2 14:31:26 2026 +0800

    [KYUUBI #7331] Bump org.apache.logging.log4j:log4j-core from 2.24.3 to 
2.25.3
    
    Bumps org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3.
    
    [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.logging.log4j:log4j-core&package-manager=maven&previous-version=2.24.3&new-version=2.25.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `dependabot rebase` will rebase this PR
    - `dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
    - `dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
    - `dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
    - `dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
    - `dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the [Security 
Alerts page](https://github.com/apache/kyuubi/network/alerts).
    
    </details>
    
    Closes #7331 from 
dependabot[bot]/dependabot/maven/org.apache.logging.log4j-log4j-core-2.25.3.
    
    Closes #7331
    
    19409ab09 [Cheng Pan] update dependencyList
    ce7643357 [dependabot[bot]] Bump org.apache.logging.log4j:log4j-core from 
2.24.3 to 2.25.3
    
    Lead-authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Cheng Pan <[email protected]>
    Signed-off-by: Cheng Pan <[email protected]>
---
 dev/dependencyList | 10 +++++-----
 pom.xml            |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 7c5bc158b7..f77abbbe84 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -124,11 +124,11 @@ 
kubernetes-model-rbac/6.14.0//kubernetes-model-rbac-6.14.0.jar
 kubernetes-model-resource/6.14.0//kubernetes-model-resource-6.14.0.jar
 kubernetes-model-scheduling/6.14.0//kubernetes-model-scheduling-6.14.0.jar
 kubernetes-model-storageclass/6.14.0//kubernetes-model-storageclass-6.14.0.jar
-log4j-1.2-api/2.24.3//log4j-1.2-api-2.24.3.jar
-log4j-api/2.24.3//log4j-api-2.24.3.jar
-log4j-core/2.24.3//log4j-core-2.24.3.jar
-log4j-layout-template-json/2.24.3//log4j-layout-template-json-2.24.3.jar
-log4j-slf4j-impl/2.24.3//log4j-slf4j-impl-2.24.3.jar
+log4j-1.2-api/2.25.3//log4j-1.2-api-2.25.3.jar
+log4j-api/2.25.3//log4j-api-2.25.3.jar
+log4j-core/2.25.3//log4j-core-2.25.3.jar
+log4j-layout-template-json/2.25.3//log4j-layout-template-json-2.25.3.jar
+log4j-slf4j-impl/2.25.3//log4j-slf4j-impl-2.25.3.jar
 logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
 metrics-annotation/4.2.30//metrics-annotation-4.2.30.jar
 metrics-core/4.2.30//metrics-core-4.2.30.jar
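Review bot: The five `+` lines in this hunk move log4j-1.2-api, log4j-api, log4j-layout-template-json and log4j-slf4j-impl to 2.25.3 together with log4j-core, but the commit subject names only log4j-core. Suggest wording the subject as a bump of the log4j version covering all five artifacts, so that someone searching history for when log4j-slf4j-impl or log4j-api changed finds this commit. The versions are at least consistent: every log4j entry shown here ends up at 2.25.3 and none is left at 2.24.3.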
diff --git a/pom.xml b/pom.xml
index 77b852b34b..412d1060b9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -182,7 +182,7 @@
         <kyuubi-relocated.version>0.6.0</kyuubi-relocated.version>
         
<kyuubi-relocated-zookeeper.artifacts>kyuubi-relocated-zookeeper-34</kyuubi-relocated-zookeeper.artifacts>
         <ldapsdk.version>6.0.5</ldapsdk.version>
-        <log4j.version>2.24.3</log4j.version>
+        <log4j.version>2.25.3</log4j.version>
         <mysql.jdbc.version>8.4.0</mysql.jdbc.version>
         <mockito.version>4.11.0</mockito.version>
         <netty.version>4.2.7.Final</netty.version>
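Review bot: The `log4j.version` change from 2.24.3 to 2.25.3 is a minor-version step for the logging framework, and the commit message gives no reason for it: it carries only the Dependabot compatibility badge and command help, with no release notes, changelog link or advisory reference. Suggest adding a link to the upstream release notes and one line saying whether this is a routine upgrade or a security fix, so downstream users can judge how urgently to pick it up and what behaviour changes to test for.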
