From 15161b9c458ad2a856bc2ce78bc28320a5d45097 Mon Sep 17 00:00:00 2001 From: Sanaya Gupta Date: Wed, 5 Nov 2025 12:39:15 +0000 Subject: [PATCH 1/3] [fix][sec] Added Exclusions for tomcat-embed-core and derby to remediate CVEs --- pulsar-io/flume/pom.xml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pulsar-io/flume/pom.xml b/pulsar-io/flume/pom.xml index 3a87252645592..22a8cdda1f5c0 100644 --- a/pulsar-io/flume/pom.xml +++ b/pulsar-io/flume/pom.xml @@ -61,6 +61,14 @@ avro org.apache.avro + + org.apache.tomcat.embed + tomcat-embed-core + + + org.apache.derby + derby + From 95b70030de9fad3f7011fd95594a6c5733f022b2 Mon Sep 17 00:00:00 2001 From: Sanaya Gupta Date: Wed, 5 Nov 2025 12:48:00 +0000 Subject: [PATCH 2/3] [fix][sec] Override mina-core to remediate CVEs --- pom.xml | 1 + pulsar-io/flume/pom.xml | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/pom.xml b/pom.xml index ae8d90139034b..977dfaa8c4382 100644 --- a/pom.xml +++ b/pom.xml @@ -372,6 +372,7 @@ flexible messaging model and an intuitive client API. 9.37.4 1.11.0 2.12.0 + 2.1.10 diff --git a/pulsar-io/flume/pom.xml b/pulsar-io/flume/pom.xml index 22a8cdda1f5c0..5dba7cd22d7ba 100644 --- a/pulsar-io/flume/pom.xml +++ b/pulsar-io/flume/pom.xml @@ -31,6 +31,16 @@ pulsar-io-flume Pulsar IO :: Flume + + + + org.apache.mina + mina-core + 2.1.10 + + + + ${project.groupId} From 580cd384aad9e07b0fc0959826a28d8885834713 Mon Sep 17 00:00:00 2001 From: Sanaya Gupta Date: Wed, 5 Nov 2025 16:43:59 +0000 Subject: [PATCH 3/3] [fix][sec] Added Exclusions for tomcat-embed-core and derby and override mina-core to remediate CVEs --- pulsar-io/flume/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pulsar-io/flume/pom.xml b/pulsar-io/flume/pom.xml index 5dba7cd22d7ba..eba8080eaf51d 100644 --- a/pulsar-io/flume/pom.xml +++ b/pulsar-io/flume/pom.xml @@ -36,7 +36,7 @@ org.apache.mina mina-core - 2.1.10 + ${mina-core.version}
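Review bot: The two exclusions added in patch 1/3's hunk on pulsar-io/flume/pom.xml (tomcat-embed-core and derby) have no comment naming the advisories they address or stating that the connector runs without those jars, so a later Flume upgrade has nothing to re-check them against. I would add something like `<!-- Excluded to drop vulnerable transitive jars (CVE-ID-PLACEHOLDER); confirmed unused by the Flume source/sink -->` above them, with the real ids filled in. The enclosing dependency starts above the hunk, and an exclusion only applies to that one dependency path, so the jars are still packaged if another dependency brings them in. Running `mvn dependency:tree -Dincludes=org.apache.tomcat.embed,org.apache.derby` on the module would confirm they are gone. Maven does not check that excluded classes are unused, so a wrong exclusion only surfaces as a `NoClassDefFoundError` when the connector runs, which an integration run of the Flume source and sink would catch.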
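Review bot: The mina-core override added in patch 2/3's hunk on pulsar-io/flume/pom.xml is managed only in this module, while the `mina-core.version` property it uses after patch 3/3 is declared in the root pom.xml. Any other module that resolves mina-core transitively would still get the unpatched version. These hunks do not show whether another module does, so that is worth checking, and if one does the managed entry belongs in the root `dependencyManagement`. The override also lacks a comment tying it to the advisory, for example `<!-- Force patched mina-core over the version Flume pulls in (CVE-ID-PLACEHOLDER); drop once Flume depends on a fixed release -->`. Pinning a different mina-core than Flume was built against is only validated at runtime, so the connector's tests should exercise the code path that loads it.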