[jira] [Updated] (HBASE-30193) Override transitive jakarta.mail 1.6.7 to 1.6.8 (CVE-2025-7962)

ASF GitHub Bot (Jira) Sun, 31 May 2026 23:46:11 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-30193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated HBASE-30193:
-----------------------------------
    Labels: CVE-2025-7962 pull-request-available  (was: CVE-2025-7962)

> Override transitive jakarta.mail 1.6.7 to 1.6.8 (CVE-2025-7962)
> ---------------------------------------------------------------
>
>                 Key: HBASE-30193
>                 URL: https://issues.apache.org/jira/browse/HBASE-30193
>             Project: HBase
>          Issue Type: Task
>    Affects Versions: 2.6.2, 2.6.4, 2.6.5
>            Reporter: Xavier Fernandis
>            Assignee: Xavier Fernandis
>            Priority: Major
>              Labels: CVE-2025-7962, pull-request-available
>
> com.sun.mail:jakarta.mail 1.6.7 is pulled in as a transitive dependency via
> com.sun.xml.ws:jaxws-rt:2.3.7. Version 1.6.7 is affected by CVE-2025-7962
> (SMTP Injection vulnerability).
> Fixed in: 1.6.8 (https://github.com/advisories/GHSA-9342-92gg-6v29)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HBASE-30193) Override transitive jakarta.mail 1.6.7 to 1.6.8 (CVE-2025-7962)

Reply via email to