This is an automated email from the ASF dual-hosted git repository. xiangfu0 pushed a commit to branch release-1.5.1 in repository https://gitbox.apache.org/repos/asf/pinot.git
commit 165ab819b6e76e02b740330c4deef2821472cb52 Author: Xiang Fu <[email protected]> AuthorDate: Thu Jun 4 13:56:26 2026 -0700 Patch CVEs for 1.5.1: bouncycastle 1.84 via pulsar 4.0.10, commons-configuration2 2.15.0 - pulsar 4.0.9 -> 4.0.10 pulls bouncy-castle-bc 4.0.10 (bcprov/bcpkix/bcutil 1.84), fixing CVE-2026-5598, CVE-2026-0636, CVE-2026-5588 - commons-configuration2 2.13.0 -> 2.15.0 fixes CVE-2026-45205 Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 2c4551785b2..ffb05a94de3 100644 --- a/pom.xml +++ b/pom.xml @@ -197,7 +197,7 @@ <kafka3.version>3.9.2</kafka3.version> <kafka4.version>4.1.1</kafka4.version> <confluent.version>7.9.5</confluent.version> - <pulsar.version>4.0.9</pulsar.version> + <pulsar.version>4.0.10</pulsar.version> <flink.version>1.20.3</flink.version> <!-- Apache Commons Libraries --> @@ -207,7 +207,7 @@ <commons-compress.version>1.28.0</commons-compress.version> <commons-math3.version>3.6.1</commons-math3.version> <commons-csv.version>1.14.1</commons-csv.version> - <commons-configuration2.version>2.13.0</commons-configuration2.version> + <commons-configuration2.version>2.15.0</commons-configuration2.version> <commons-beanutils.version>1.11.0</commons-beanutils.version> <commons-io.version>2.21.0</commons-io.version> <commons-codec.version>1.21.0</commons-codec.version> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
