This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 8cb1040336e [fix][sec] Override kafka-clients in kinesis-kpl-shaded to
remediate CVE-2024-31141 and CVE-2025-27817 (#24935)
8cb1040336e is described below
commit 8cb1040336e8a397ff60220842102c99f712348b
Author: guptas6est <[email protected]>
AuthorDate: Mon Nov 3 15:57:04 2025 +0000
[fix][sec] Override kafka-clients in kinesis-kpl-shaded to remediate
CVE-2024-31141 and CVE-2025-27817 (#24935)
---
pulsar-io/kinesis-kpl-shaded/pom.xml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/pulsar-io/kinesis-kpl-shaded/pom.xml
b/pulsar-io/kinesis-kpl-shaded/pom.xml
index a248a48b47b..d2fafb13e48 100644
--- a/pulsar-io/kinesis-kpl-shaded/pom.xml
+++ b/pulsar-io/kinesis-kpl-shaded/pom.xml
@@ -53,6 +53,12 @@
<type>pom</type>
<scope>import</scope>
</dependency>
+ <!-- enforce kafka client version that gets pulled transitively -->
+ <dependency>
+ <groupId>org.apache.kafka</groupId>
+ <artifactId>kafka-clients</artifactId>
+ <version>${kafka-client.version}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
<dependencies>
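Review bot: The comment on the added `kafka-clients` entry does not record the security reason for the pin, so a later cleanup could drop or lower it and bring CVE-2024-31141 and CVE-2025-27817 back into the shaded jar unnoticed. I would word it as `<!-- pin transitive kafka-clients via kafka-client.version to remediate CVE-2024-31141 and CVE-2025-27817 -->`. The value of `${kafka-client.version}` is defined outside this hunk, so the hunk alone does not show that it resolves to a fixed release. It is worth confirming with `mvn dependency:tree` on this module that the shaded artifact bundles the managed version rather than the one the Kinesis producer library asks for. The `dependencyManagement` block starts before the hunk.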