[
https://issues.apache.org/jira/browse/KAFKA-19739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18023130#comment-18023130
]
Patrik Nagy commented on KAFKA-19739:
-------------------------------------
After bumping the commons-validator, the upgraded commons-beanutils is used:
{code:java}
|    +--- commons-validator:commons-validator:1.10.0
|    |    +--- commons-beanutils:commons-beanutils:1.11.0
{code}
There is still an old commons-beanutils in the project, but that comes from
checkstyle, which is not production related:
{code:java}
\--- com.puppycrawl.tools:checkstyle:10.20.2
     +--- commons-beanutils:commons-beanutils:1.9.4
{code}
Upgrading checkstyle should be done in another ticket.
> Upgrade commons-validator to 1.10.0
> -----------------------------------
>
> Key: KAFKA-19739
> URL: https://issues.apache.org/jira/browse/KAFKA-19739
> Project: Kafka
> Issue Type: Task
> Reporter: Patrik Nagy
> Assignee: Patrik Nagy
> Priority: Major
>
> In KAFKA-19359, the commons-beanutils transitive dependency was force bumped
> in the project to avoid related CVEs. The commons-validator already has a new
> release, which solves this problem.
> The force bump does not exist on all lines, so deleting the workaround is
> only needed on branches where applicable.