This is an automated email from the ASF dual-hosted git repository.
mimaison pushed a commit to branch 4.3
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/4.3 by this push:
new df5748c6c14 KAFKA-20373: Bump maven artifact to 3.9.15 (#21911)
df5748c6c14 is described below
commit df5748c6c14dfb8bd3be93a47a5a089b9aeec809
Author: averemee-si <[email protected]>
AuthorDate: Fri Apr 17 20:42:43 2026 +0200
KAFKA-20373: Bump maven artifact to 3.9.15 (#21911)
Bump maven-artifact to resolve plexus-utils CVE:
[CVE-2025-67030](https://www.cve.org/CVERecord?id=CVE-2025-67030).
Reviewers: Chia-Ping Tsai <[email protected]>, Mickael Maison
<[email protected]>
---
LICENSE-binary | 4 ++--
gradle/dependencies.gradle | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 0895c2a5bf3..c1b6a6a9e6c 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -242,10 +242,10 @@ License Version 2.0:
- log4j-slf4j-impl-2.25.3
- log4j-1.2-api-2.25.3
- lz4-java-1.10.2
-- maven-artifact-3.9.11
+- maven-artifact-3.9.15
- metrics-core-2.2.0
- opentelemetry-proto-1.3.2-alpha
-- plexus-utils-3.6.0
+- plexus-utils-3.6.1
- rocksdbjni-10.1.3
- scala-library-2.13.18
- scala-logging_2.13-3.9.6
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 21cf33c498c..e2d564c873e 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -114,7 +114,7 @@ versions += [
//
https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/record/internal/CompressionType.java#L73-L74
//
https://github.com/yawkat/lz4-java/blob/main/src/java/net/jpountz/lz4/LZ4Constants.java#L23-L24
lz4: "1.10.2",
- mavenArtifact: "3.9.11",
+ mavenArtifact: "3.9.15",
metrics: "2.2.0",
mockito: "5.20.0",
opentelemetryProto: "1.3.2-alpha",
