This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new d5145e4f029 [fix][sec] Override msgpack-core to 0.9.11 to address
CVE-2026-21452 (#25233)
d5145e4f029 is described below
commit d5145e4f029db7b5a4972150322eb9fa11d157de
Author: guptas6est <[email protected]>
AuthorDate: Wed Feb 11 13:37:43 2026 +0530
[fix][sec] Override msgpack-core to 0.9.11 to address CVE-2026-21452
(#25233)
---
pulsar-io/influxdb/pom.xml | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/pulsar-io/influxdb/pom.xml b/pulsar-io/influxdb/pom.xml
index cd6c4c0e90b..70e445ee70c 100644
--- a/pulsar-io/influxdb/pom.xml
+++ b/pulsar-io/influxdb/pom.xml
@@ -31,6 +31,16 @@
<artifactId>pulsar-io-influxdb</artifactId>
<name>Pulsar IO :: InfluxDB</name>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.msgpack</groupId>
+ <artifactId>msgpack-core</artifactId>
+ <version>0.9.11</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
@@ -62,7 +72,7 @@
<dependency>
<groupId>org.influxdb</groupId>
<artifactId>influxdb-java</artifactId>
- <version>2.22</version>
+ <version>2.25</version>
<exclusions>
<exclusion>
<groupId>com.squareup.okhttp3</groupId>
