MLE-24494 Bumped zookeeper to 3.9.4

build.gradle

@@ -40,25 +40,6 @@ subprojects {
     }
   }
 
-  configurations.all {
-    resolutionStrategy.eachDependency { DependencyResolveDetails details ->
-      // These all impact Spark and its dependencies, but not the published connector as the connector does not contain
-      // any Spark libraries.
-      if (details.requested.group.equals("org.apache.hadoop") and details.requested.version.equals("3.4.1")) {
-        details.useVersion "3.4.2"
-        details.because "Using 3.4.2 to minimize CVEs and because Flux is doing the same thing."
-      }
-      if (details.requested.group.equals("org.codehaus.janino")) {
-        details.useVersion "3.1.12"
-        details.because "Bumping from 3.1.9 (what Spark SQL 4.0.1 depends on) to 3.1.12 to minimize CVEs."
-      }
-      if (details.requested.group.equals("io.netty") and details.requested.version.startsWith("4.1.1")) {
-        details.useVersion "4.1.127.Final"
-        details.because "Bumping from 4.1.118 (what Spark SQL 4.0.1 depends on) to 4.1.127 to minimize CVEs."
-      }
-    }
-  }
-
   test {
     useJUnitPlatform()
     finalizedBy jacocoTestReport

marklogic-spark-connector/build.gradle

@@ -3,9 +3,36 @@ plugins {
   id 'maven-publish'
 }
 
+configurations {
+  all {
+    resolutionStrategy.eachDependency { DependencyResolveDetails details ->
+      // These all impact Spark and its dependencies, but not the published connector as the connector does not contain
+      // any Spark libraries.
+      if (details.requested.group.equals("org.apache.hadoop") and details.requested.version.equals("3.4.1")) {
+        details.useVersion "3.4.2"
+        details.because "Using 3.4.2 to minimize CVEs and because Flux is doing the same thing."
+      }
+      if (details.requested.group.equals("org.codehaus.janino")) {
+        details.useVersion "3.1.12"
+        details.because "Bumping from 3.1.9 (what Spark SQL 4.0.1 depends on) to 3.1.12 to minimize CVEs."
+      }
+      if (details.requested.group.equals("io.netty") and details.requested.version.startsWith("4.1.1")) {
+        details.useVersion "4.1.127.Final"
+        details.because "Bumping from 4.1.118 (what Spark SQL 4.0.1 depends on) to 4.1.127 to minimize CVEs."
+      }
+    }
+
+    resolutionStrategy {
+      // Addresses CVE-2025-58457; Spark depends on 3.9.3, and the CVE is fixed in 3.9.4.
+      force "org.apache.zookeeper:zookeeper:3.9.4"
+    }
+  }
+}
+
+
 dependencies {
   // Need to compile against Spark, but its libraries are not part of the connector jar.
-  compileOnly ("org.apache.spark:spark-sql_2.13:${sparkVersion}") {
+  compileOnly("org.apache.spark:spark-sql_2.13:${sparkVersion}") {
     // Excluded from Flux for size reasons, so excluded here as well to ensure we don't need it when running tests.
     exclude module: "rocksdbjni"
   }
@@ -53,7 +80,7 @@ dependencies {
   // Needed for some XML operations that are far easier with JDOM2 than with DOM.
   implementation "org.jdom:jdom2:2.0.6.1"
 
-  implementation ("dev.langchain4j:langchain4j:${langchain4jVersion}") {
+  implementation("dev.langchain4j:langchain4j:${langchain4jVersion}") {
     exclude group: "com.fasterxml.jackson.core"
   }
 
@@ -67,12 +94,12 @@ dependencies {
   // org.junit.platform.commons.JUnitException: TestEngine with ID 'junit-jupiter' failed to discover tests
   testRuntimeOnly "org.junit.platform:junit-platform-launcher:1.13.4"
 
-  testImplementation ("org.apache.spark:spark-sql_2.13:${sparkVersion}") {
+  testImplementation("org.apache.spark:spark-sql_2.13:${sparkVersion}") {
     exclude module: "rocksdbjni"
   }
 
   // Supports testing the embedder feature.
-  testImplementation ("dev.langchain4j:langchain4j-embeddings-all-minilm-l6-v2:1.5.0-beta11") {
+  testImplementation("dev.langchain4j:langchain4j-embeddings-all-minilm-l6-v2:1.5.0-beta11") {
     exclude group: "com.fasterxml.jackson.core"
   }