This is an automated email from the ASF dual-hosted git repository.

xiangfu0 pushed a commit to branch release-1.5.1
in repository https://gitbox.apache.org/repos/asf/pinot.git

commit 165ab819b6e76e02b740330c4deef2821472cb52
Author: Xiang Fu <[email protected]>
AuthorDate: Thu Jun 4 13:56:26 2026 -0700

    Patch CVEs for 1.5.1: bouncycastle 1.84 via pulsar 4.0.10, 
commons-configuration2 2.15.0
    
    - pulsar 4.0.9 -> 4.0.10 pulls bouncy-castle-bc 4.0.10 
(bcprov/bcpkix/bcutil 1.84),
      fixing CVE-2026-5598, CVE-2026-0636, CVE-2026-5588
    - commons-configuration2 2.13.0 -> 2.15.0 fixes CVE-2026-45205
    
    Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 2c4551785b2..ffb05a94de3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -197,7 +197,7 @@
     <kafka3.version>3.9.2</kafka3.version>
     <kafka4.version>4.1.1</kafka4.version>
     <confluent.version>7.9.5</confluent.version>
-    <pulsar.version>4.0.9</pulsar.version>
+    <pulsar.version>4.0.10</pulsar.version>
     <flink.version>1.20.3</flink.version>
 
     <!-- Apache Commons Libraries -->
@@ -207,7 +207,7 @@
     <commons-compress.version>1.28.0</commons-compress.version>
     <commons-math3.version>3.6.1</commons-math3.version>
     <commons-csv.version>1.14.1</commons-csv.version>
-    <commons-configuration2.version>2.13.0</commons-configuration2.version>
+    <commons-configuration2.version>2.15.0</commons-configuration2.version>
     <commons-beanutils.version>1.11.0</commons-beanutils.version>
     <commons-io.version>2.21.0</commons-io.version>
     <commons-codec.version>1.21.0</commons-codec.version>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to