This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.0 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 9e54ea91e932c46602d29284739b68649711437b Author: Lari Hotari <[email protected]> AuthorDate: Mon Dec 22 10:06:46 2025 +0200 [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095) (cherry picked from commit 3fb52c5d7494d4020956b7a26db5e9e721c7d555) --- distribution/server/src/assemble/LICENSE.bin.txt | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 501bef2f11f..baba34a3435 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -264,7 +264,7 @@ The Apache Software License, Version 2.0 * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar * Fastutil -- it.unimi.dsi-fastutil-8.5.16.jar * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-2.59.2.jar - * Bitbucket -- org.bitbucket.b_c-jose4j-0.9.4.jar + * Bitbucket -- org.bitbucket.b_c-jose4j-0.9.6.jar * Gson - com.google.code.gson-gson-2.13.2.jar - io.gsonfire-gson-fire-1.8.5.jar diff --git a/pom.xml b/pom.xml index b736bbaceb2..3c3ab4ba4b2 100644 --- a/pom.xml +++ b/pom.xml @@ -281,7 +281,7 @@ flexible messaging model and an intuitive client API.</description> <jakarta.validation.version>2.0.2</jakarta.validation.version> <jna.version>5.12.1</jna.version> <kubernetesclient.version>18.0.0</kubernetesclient.version> - <jose4j.version>0.9.4</jose4j.version> + <jose4j.version>0.9.6</jose4j.version> <okhttp3.version>4.9.3</okhttp3.version> <!-- use okio version that matches the okhttp3 version --> <okio.version>3.4.0</okio.version>
