This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.1 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 2fa1578ff1ace490d5cdcad1bb97b822f2bd66b5 Author: guptas6est <[email protected]> AuthorDate: Thu Nov 6 15:44:44 2025 +0000 [fix][sec] Update Hbase version to 2.6.3-hadoop3 and exclude Avro from hbase-client to remediate CVEs (#24953) (cherry picked from commit 34b3654841d1d135d767669a75b8539e6dfb4ff2) --- pom.xml | 2 +- pulsar-io/hbase/pom.xml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6451483d781..2bca67795b5 100644 --- a/pom.xml +++ b/pom.xml @@ -255,7 +255,7 @@ flexible messaging model and an intuitive client API.</description> <hadoop3.version>3.4.1</hadoop3.version> <dnsjava3.version>3.6.2</dnsjava3.version> <hdfs-offload-version3>${hadoop3.version}</hdfs-offload-version3> - <hbase.version>2.6.0-hadoop3</hbase.version> + <hbase.version>2.6.3-hadoop3</hbase.version> <guava.version>33.4.8-jre</guava.version> <jcip.version>1.0</jcip.version> <prometheus-jmx.version>0.16.1</prometheus-jmx.version> diff --git a/pulsar-io/hbase/pom.xml b/pulsar-io/hbase/pom.xml index f8f6c72ccb9..e8f5d1d2dcc 100644 --- a/pulsar-io/hbase/pom.xml +++ b/pulsar-io/hbase/pom.xml @@ -77,6 +77,10 @@ <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> </exclusion> + <exclusion> + <groupId>org.apache.avro</groupId> + <artifactId>avro</artifactId> + </exclusion> </exclusions> </dependency>
