This is an automated email from the ASF dual-hosted git repository.
mimaison pushed a commit to branch 4.2
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/4.2 by this push:
new c782ceecb2f KAFKA-20373: Bump maven artifact to 3.9.15 (#21911)
c782ceecb2f is described below
commit c782ceecb2f18935f17a162dabb1957f50fdf665
Author: averemee-si <[email protected]>
AuthorDate: Fri Apr 17 20:42:43 2026 +0200
KAFKA-20373: Bump maven artifact to 3.9.15 (#21911)
Bump maven-artifact to resolve plexus-utils CVE:
[CVE-2025-67030](https://www.cve.org/CVERecord?id=CVE-2025-67030).
Reviewers: Chia-Ping Tsai <[email protected]>, Mickael Maison
<[email protected]>
---
LICENSE-binary | 4 ++--
gradle/dependencies.gradle | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 9e8c6ab18dc..7ab8db51bd1 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -243,10 +243,10 @@ License Version 2.0:
- log4j-slf4j-impl-2.25.3
- log4j-1.2-api-2.25.3
- lz4-java-1.10.1
-- maven-artifact-3.9.6
+- maven-artifact-3.9.15
- metrics-core-2.2.0
- opentelemetry-proto-1.3.2-alpha
-- plexus-utils-3.5.1
+- plexus-utils-3.6.1
- rocksdbjni-10.1.3
- scala-library-2.13.17
- scala-logging_2.13-3.9.6
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index eb8040cfb08..eaa9dbcaac3 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -113,7 +113,7 @@ versions += [
//
https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/record/CompressionType.java#L73-L74
//
https://github.com/yawkat/lz4-java/blob/main/src/java/net/jpountz/lz4/LZ4Constants.java#L23-L24
lz4: "1.10.1",
- mavenArtifact: "3.9.6",
+ mavenArtifact: "3.9.15",
metrics: "2.2.0",
mockito: "5.20.0",
opentelemetryProto: "1.3.2-alpha",
