druid/35.0.1-r1: cve remediation #76563
Merged
Octo STS / staging-autofix
completed
Dec 30, 2025 in 0s
Merge report generated
Merge Report
First Commit SHA: 31a21516aebddc93b296f93e0008e80d46e75552
Embeddings Stored
Stored 1 embedding(s) in the vector index:
- Datapoint ID:
880bf19a-0378-467e-a142-3639a11b7e12
Error: java.lang.NoSuchFieldError: INSTANCE
Patch
From f101c42f5c25d6939065569a022451a6aff86042 Mon Sep 17 00:00:00 2001
From: Brian Carey <brian.carey@chainguard.dev>
Date: Tue, 30 Dec 2025 11:14:50 +0000
Subject: [PATCH] druid: Add log4j version bump to v2.25.3 to
pombump-properties
Signed-off-by: Brian Carey <brian.carey@chainguard.dev>
---
druid/pombump-deps.yaml | 3 ---
druid/pombump-properties.yaml | 2 ++
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/druid/pombump-deps.yaml b/druid/pombump-deps.yaml
index f7ca36f84e3..891f3e3224a 100644
--- a/druid/pombump-deps.yaml
+++ b/druid/pombump-deps.yaml
@@ -41,6 +41,3 @@ patches:
- groupId: org.bouncycastle
artifactId: bcpkix-jdk18on
version: "1.79"
- - groupId: org.apache.logging.log4j
- artifactId: log4j-core
- version: 2.25.3
diff --git a/druid/pombump-properties.yaml b/druid/pombump-properties.yaml
index 31092cac71e..527d9b7de63 100644
--- a/druid/pombump-properties.yaml
+++ b/druid/pombump-properties.yaml
@@ -3,3 +3,5 @@ properties:
value: "3.9.1"
- property: netty4.version
value: 4.1.118.Final
+ - property: log4j.version
+ value: "2.25.3"
Loading