Xavier Fernandis created HBASE-30193:
----------------------------------------
Summary: Override transitive jakarta.mail 1.6.7 to 1.6.8
(CVE-2025-7962)
Key: HBASE-30193
URL: https://issues.apache.org/jira/browse/HBASE-30193
Project: HBase
Issue Type: Task
Affects Versions: 2.6.5, 2.6.4, 2.6.2
Reporter: Xavier Fernandis
Assignee: Xavier Fernandis
com.sun.mail:jakarta.mail 1.6.7 is pulled in as a transitive dependency via
com.sun.xml.ws:jaxws-rt:2.3.7. Version 1.6.7 is affected by CVE-2025-7962
(SMTP Injection vulnerability).
Fixed in: 1.6.8 (https://github.com/advisories/GHSA-9342-92gg-6v29)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
