Commit a50b7e6

lhotari authored and merlimat committed
Upgrade commons-beanutils to 1.11.0 to address CVE-2025-48734 (#4608)
1 parent 542ea09 commit a50b7e6

4 files changed: +7 -7 lines changed

bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt

Lines changed: 2 additions & 2 deletions
@@ -211,7 +211,7 @@ Apache Software License, Version 2.
211211
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
212212
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
213213
- lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
214-
- lib/commons-beanutils-commons-beanutils-1.10.1.jar [62]
214+
- lib/commons-beanutils-commons-beanutils-1.11.0.jar [62]
215215
- lib/commons-cli-commons-cli-1.9.0.jar [5]
216216
- lib/commons-codec-commons-codec-1.18.0.jar [6]
217217
- lib/commons-collections-commons-collections-3.2.2.jar [62]
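
Review bot: On line 217 of this file the commons-collections 3.2.2 jar cites [62], the same footnote as the commons-beanutils line changed at 214, whereas the other two LICENSE files in this commit give the two jars separate footnotes ([57]/[58] and [61]/[62]). In this file [62] resolves to the commons-beanutils source tree and [63] to commons-collections, so the collections entry should probably read `[63]`; worth correcting while the neighbouring line is being touched.
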
@@ -418,7 +418,7 @@ Apache Software License, Version 2.
418418
[59] Source available at https://github.com/open-telemetry/opentelemetry-java-instrumentation/tree/v1.33.6
419419
[60] Source available at https://github.com/prometheus/client_java/tree/v1.3.4
420420
[61] Source available at https://github.com/apache/commons-text/tree/rel/commons-text-1.13.1
421-
[62] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.10.1
421+
[62] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.11.0
422422
[63] Source available at https://github.com/apache/commons-collections/tree/collections-3.3.2
423423
------------------------------------------------------------------------------------
424424
lib/io.netty-netty-codec-4.1.121.Final.jar bundles some 3rd party dependencies
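
Review bot: The [63] footnote directly below the changed line 421 points at the tag `collections-3.3.2`, but the jar listed in the first hunk of this file is `commons-collections-3.2.2.jar`. The same URL appears as [58] in LICENSE-bkctl.bin.txt and [62] in LICENSE-server.bin.txt, so if the tag is a typo it needs fixing in all three files. The beanutils URL updated here should likewise be checked to resolve to an existing `rel/commons-beanutils-1.11.0` tag before merge.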

bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt

Lines changed: 2 additions & 2 deletions
@@ -211,7 +211,7 @@ Apache Software License, Version 2.
211211
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
212212
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
213213
- lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
214-
- lib/commons-beanutils-commons-beanutils-1.10.1.jar [57]
214+
- lib/commons-beanutils-commons-beanutils-1.11.0.jar [57]
215215
- lib/commons-cli-commons-cli-1.9.0.jar [5]
216216
- lib/commons-codec-commons-codec-1.18.0.jar [6]
217217
- lib/commons-collections-commons-collections-3.2.2.jar [58]
@@ -352,7 +352,7 @@ Apache Software License, Version 2.
352352
[54] Source available at https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.45.0
353353
[55] Source available at https://github.com/apache/commons-lang/tree/rel/commons-lang-3.17.0
354354
[56] Source available at https://github.com/apache/commons-text/tree/rel/commons-text-1.13.1
355-
[57] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.10.1
355+
[57] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.11.0
356356
[58] Source available at https://github.com/apache/commons-collections/tree/collections-3.3.2
357357
------------------------------------------------------------------------------------
358358
lib/io.netty-netty-codec-4.1.121.Final.jar bundles some 3rd party dependencies

bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt

Lines changed: 2 additions & 2 deletions
@@ -211,7 +211,7 @@ Apache Software License, Version 2.
211211
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
212212
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
213213
- lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
214-
- lib/commons-beanutils-commons-beanutils-1.10.1.jar [61]
214+
- lib/commons-beanutils-commons-beanutils-1.11.0.jar [61]
215215
- lib/commons-cli-commons-cli-1.9.0.jar [5]
216216
- lib/commons-codec-commons-codec-1.18.0.jar [6]
217217
- lib/commons-collections-commons-collections-3.2.2.jar [62]
@@ -413,7 +413,7 @@ Apache Software License, Version 2.
413413
[58] Source available at https://github.com/open-telemetry/opentelemetry-java-instrumentation/tree/v1.33.6
414414
[59] Source available at https://github.com/prometheus/client_java/tree/v1.3.4
415415
[60] Source available at https://github.com/apache/commons-text/tree/rel/commons-text-1.13.1
416-
[61] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.10.1
416+
[61] Source available at https://github.com/apache/commons-beanutils/tree/rel/commons-beanutils-1.11.0
417417
[62] Source available at https://github.com/apache/commons-collections/tree/collections-3.3.2
418418
------------------------------------------------------------------------------------
419419
lib/io.netty-netty-codec-4.1.121.Final.jar bundles some 3rd party dependencies

pom.xml

Lines changed: 1 addition & 1 deletion
@@ -122,7 +122,7 @@
122122
<commons-collections4.version>4.1</commons-collections4.version>
123123
<commons-codec.version>1.18.0</commons-codec.version>
124124
<commons-configuration2.version>2.12.0</commons-configuration2.version>
125-
<commons-beanutils.version>1.10.1</commons-beanutils.version>
125+
<commons-beanutils.version>1.11.0</commons-beanutils.version>
126126
<commons-compress.version>1.27.1</commons-compress.version>
127127
<commons-lang.version>2.6</commons-lang.version>
128128
<commons-lang3.version>3.17.0</commons-lang3.version>
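
Review bot: Line 125 changes only the `commons-beanutils.version` property, and the hunk does not show where that property is consumed, so this diff alone cannot confirm that 1.10.1 is no longer pulled in transitively. Please confirm with `mvn dependency:tree -Dincludes=commons-beanutils` that only 1.11.0 resolves in the modules that build the three distributions whose LICENSE files are updated, and consider a short XML comment next to the property naming CVE-2025-48734 so a later downgrade is not made by accident.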
