This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.1 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit f88c407caaa5d5575280b8d6f72a34712555c875 Author: Lari Hotari <[email protected]> AuthorDate: Mon Dec 22 10:06:46 2025 +0200 [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095) (cherry picked from commit 3fb52c5d7494d4020956b7a26db5e9e721c7d555) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1cff3a7d0ef..2e055647c5b 100644 --- a/pom.xml +++ b/pom.xml @@ -284,7 +284,7 @@ flexible messaging model and an intuitive client API.</description> <jakarta.validation.version>2.0.2</jakarta.validation.version> <jna.version>5.12.1</jna.version> <kubernetesclient.version>18.0.0</kubernetesclient.version> - <jose4j.version>0.9.4</jose4j.version> + <jose4j.version>0.9.6</jose4j.version> <okhttp3.version>5.3.1</okhttp3.version> <!-- use okio version that matches the okhttp3 version --> <okio.version>3.16.3</okio.version>
