Commit 7a29abf

Upgrade commons-beanutils to 1.11.0 to address CVE-2025-48734 (#4608)
1 parent 1ba4042 commit 7a29abf

4 files changed

+7
-7
lines changed

bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt

Lines changed: 2 additions & 2 deletions
@@ -211,7 +211,7 @@ Apache Software License, Version 2.
211211
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
212212
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
213213
- lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
214-
- lib/commons-beanutils-commons-beanutils-1.10.1.jar [62]
214+
- lib/commons-beanutils-commons-beanutils-1.11.0.jar [62]
215215
- lib/commons-cli-commons-cli-1.9.0.jar [5]
216216
- lib/commons-codec-commons-codec-1.18.0.jar [6]
217217
- lib/commons-collections-commons-collections-3.2.2.jar [62]
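Review bot: the last context line of this hunk, `lib/commons-collections-commons-collections-3.2.2.jar [62]`, carries the same reference index as the commons-beanutils line being edited three lines above it. In LICENSE-bkctl.bin.txt and LICENSE-server.bin.txt the two jars use distinct indices ([57]/[58] and [61]/[62]), and in this file [63] is the commons-collections source link, so the commons-collections entry here most likely should read [63]. Since the adjacent line is already being touched, fix the index in the same commit so the license attribution resolves to the right source tree.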
@@ -420,7 +420,7 @@ Apache Software License, Version 2.
420420
[59] Source available at https://github.com/open-telemetry/opentelemetry-java-instrumentation/tree/v1.33.6
421421
[60] Source available at https://github.com/prometheus/client_java/tree/v1.3.4
422422
[61] Source available at https://github.com/apache/commons-text/tree/rel/commons-text-1.13.1
423-
[62] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.10.1
423+
[62] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.11.0
424424
[63] Source available at https://github.com/apache/commons-collections/tree/collections-3.3.2
425425
------------------------------------------------------------------------------------
426426
lib/io.netty-netty-codec-4.1.121.Final.jar bundles some 3rd party dependencies
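Review bot: the footnote directly after the updated [62] points at the `collections-3.3.2` tag, while the jar listed for commons-collections in this file is 3.2.2. The beanutils footnote now matches its jar version exactly (1.11.0 in both places); the neighbouring commons-collections footnote does not, and the same mismatch appears at [58] in LICENSE-bkctl.bin.txt and [62] in LICENSE-server.bin.txt. Suggest correcting the tag, or filing a follow-up, so that every source link in these files names the version that is actually shipped in lib/.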

bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt

Lines changed: 2 additions & 2 deletions
@@ -211,7 +211,7 @@ Apache Software License, Version 2.
211211
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
212212
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
213213
- lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
214-
- lib/commons-beanutils-commons-beanutils-1.10.1.jar [57]
214+
- lib/commons-beanutils-commons-beanutils-1.11.0.jar [57]
215215
- lib/commons-cli-commons-cli-1.9.0.jar [5]
216216
- lib/commons-codec-commons-codec-1.18.0.jar [6]
217217
- lib/commons-collections-commons-collections-3.2.2.jar [58]
@@ -354,7 +354,7 @@ Apache Software License, Version 2.
354354
[54] Source available at https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.45.0
355355
[55] Source available at https://github.com/apache/commons-lang/tree/rel/commons-lang-3.17.0
356356
[56] Source available at https://github.com/apache/commons-text/tree/rel/commons-text-1.13.1
357-
[57] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.10.1
357+
[57] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.11.0
358358
[58] Source available at https://github.com/apache/commons-collections/tree/collections-3.3.2
359359
------------------------------------------------------------------------------------
360360
lib/io.netty-netty-codec-4.1.121.Final.jar bundles some 3rd party dependencies

bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt

Lines changed: 2 additions & 2 deletions
@@ -211,7 +211,7 @@ Apache Software License, Version 2.
211211
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
212212
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
213213
- lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
214-
- lib/commons-beanutils-commons-beanutils-1.10.1.jar [61]
214+
- lib/commons-beanutils-commons-beanutils-1.11.0.jar [61]
215215
- lib/commons-cli-commons-cli-1.9.0.jar [5]
216216
- lib/commons-codec-commons-codec-1.18.0.jar [6]
217217
- lib/commons-collections-commons-collections-3.2.2.jar [62]
@@ -415,7 +415,7 @@ Apache Software License, Version 2.
415415
[58] Source available at https://github.com/open-telemetry/opentelemetry-java-instrumentation/tree/v1.33.6
416416
[59] Source available at https://github.com/prometheus/client_java/tree/v1.3.4
417417
[60] Source available at https://github.com/apache/commons-text/tree/rel/commons-text-1.13.1
418-
[61] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.10.1
418+
[61] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.11.0
419419
[62] Source available at https://github.com/apache/commons-collections/tree/collections-3.3.2
420420
------------------------------------------------------------------------------------
421421
lib/io.netty-netty-codec-4.1.121.Final.jar bundles some 3rd party dependencies

pom.xml

Lines changed: 1 addition & 1 deletion
@@ -124,7 +124,7 @@
124124
<commons-collections4.version>4.1</commons-collections4.version>
125125
<commons-codec.version>1.18.0</commons-codec.version>
126126
<commons-configuration2.version>2.12.0</commons-configuration2.version>
127-
<commons-beanutils.version>1.10.1</commons-beanutils.version>
127+
<commons-beanutils.version>1.11.0</commons-beanutils.version>
128128
<commons-compress.version>1.27.1</commons-compress.version>
129129
<commons-lang.version>2.6</commons-lang.version>
130130
<commons-lang3.version>3.17.0</commons-lang3.version>
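Review bot: the change to `<commons-beanutils.version>` at line 127 only edits the property, and nothing in this hunk shows where the property is consumed, so the diff alone does not prove that every module resolves 1.11.0. Please confirm with `mvn dependency:tree -Dincludes=commons-beanutils` that no transitive path still pulls 1.10.1, and that the built dist lib/ directories contain `commons-beanutils-commons-beanutils-1.11.0.jar` as the three LICENSE files now state. A short XML comment next to the property naming CVE-2025-48734 as the reason for the floor would also keep a later cleanup from lowering the version.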
