liko9 opened a new issue, #13563: URL: https://github.com/apache/iceberg/issues/13563
### Apache Iceberg version main (development) ### Query engine Kafka Connect ### Please describe the bug 🐞 When building the Kafka Connect with Hive from main (just in advance of 1.10), a CVE scan finds that we're vulnerable to [CVE-2025-48734](https://nvd.nist.gov/vuln/detail/CVE-2025-48734) due to pulling in a dependency of Hive (commons-beanutils). This is resolved with commons-beanutils 1.11.0 and higher - but in investigating the issue, I found that someon Hive depedencies were being built for the non-Hive connector. ### Willingness to contribute - [x] I can contribute a fix for this bug independently - [ ] I would be willing to contribute a fix for this bug with guidance from the Iceberg community - [ ] I cannot contribute a fix for this bug at this time -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org
