This is an automated email from the ASF dual-hosted git repository.
pdallig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new 410b160c69 [MINOR] commons-beanutils 1.11.0
410b160c69 is described below
commit 410b160c692bbb55b814afc095b1f2e65d335b8b
Author: PJ Fanning <pjfann...@users.noreply.github.com>
AuthorDate: Tue Jul 29 08:49:34 2025 +0100
[MINOR] commons-beanutils 1.11.0
### What is this PR for?
contains fix for CVE-2025-48734
replaces #4935
### What type of PR is it?
Bug Fix
Improvement
Feature
Documentation
Hot Fix
Refactoring
*Please leave your type of PR only*
### Todos
* [ ] - Task
### What is the Jira issue?
* Open an issue on Jira https://issues.apache.org/jira/browse/ZEPPELIN/
* Put link here, and add [ZEPPELIN-*Jira number*] in PR title, eg.
[ZEPPELIN-533]
### How should this be tested?
* Strongly recommended: add automated unit tests for any new or changed
behavior
* Outline any manual steps to test the PR here.
### Screenshots (if appropriate)
### Questions:
* Does the license files need to update?
* Is there breaking changes for older versions?
* Does this needs documentation?
Closes #4967 from pjfanning/beanutils.
Signed-off-by: Philipp Dallig <philipp.dal...@gmail.com>
---
zeppelin-distribution/src/bin_license/LICENSE | 2 +-
zeppelin-interpreter/pom.xml | 2 +-
zeppelin-server/pom.xml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/zeppelin-distribution/src/bin_license/LICENSE
b/zeppelin-distribution/src/bin_license/LICENSE
index fabd8f28fe..e82c18f43b 100644
--- a/zeppelin-distribution/src/bin_license/LICENSE
+++ b/zeppelin-distribution/src/bin_license/LICENSE
@@ -143,7 +143,7 @@ The following components are provided under Apache License.
(Apache 2.0) akka-remote (com.typesafe.akka:akka-remote_2.10:2.3.7 -
http://akka.io/)
(Apache 2.0) akka-slf4j (com.typesafe.akka:akka-slf4j_2.10:2.3.7 -
http://akka.io/)
(Apache 2.0) Metrics Core Library (com.yammer.metrics:metrics-core:2.2.0 -
http://metrics.codahale.com/metrics-core/)
- (Apache 2.0) Commons BeanUtils Bean Collections
(commons-beanutils:commons-beanutils-bean-collections:1.9.4 -
http://commons.apache.org/beanutils/)
+ (Apache 2.0) Commons BeanUtils Bean Collections
(commons-beanutils:commons-beanutils-bean-collections:1.11.0 -
http://commons.apache.org/beanutils/)
(Apache 2.0) Apache Log4j (log4j:log4j:1.2.17 -
http://logging.apache.org/log4j/1.2/)
(Apache 2.0) Apache Avro IPC (org.apache.avro:avro-ipc:1.8.1 -
http://avro.apache.org)
(Apache 2.0) Apache Avro Mapred API (org.apache.avro:avro-mapred:1.8.1 -
http://avro.apache.org/avro-mapred)
diff --git a/zeppelin-interpreter/pom.xml b/zeppelin-interpreter/pom.xml
index 1a1ea2ce6c..73d11f86ae 100644
--- a/zeppelin-interpreter/pom.xml
+++ b/zeppelin-interpreter/pom.xml
@@ -91,7 +91,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.4</version>
+ <version>1.11.0</version>
<exclusions>
<!-- using jcl-over-slf4j instead -->
<exclusion>
diff --git a/zeppelin-server/pom.xml b/zeppelin-server/pom.xml
index 4a3a4be702..86fb05c55f 100644
--- a/zeppelin-server/pom.xml
+++ b/zeppelin-server/pom.xml
@@ -212,7 +212,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.4</version>
+ <version>1.11.0</version>
<exclusions>
<!-- using jcl-over-slf4j instead -->
<exclusion>
