Skip to content

HDDS-15830. Bump jline to 3.30.15#10729

Merged
adoroszlai merged 1 commit into
masterfrom
dependabot-maven-org.jline-jline-3.30.15
Jul 11, 2026
Merged

HDDS-15830. Bump jline to 3.30.15#10729
adoroszlai merged 1 commit into
masterfrom
dependabot-maven-org.jline-jline-3.30.15

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown
Contributor

Bumps org.jline:jline from 3.30.13 to 3.30.15.

Release notes

Sourced from org.jline:jline's releases.

JLine 3.30.15 is a security patch release addressing ReDoS and other security vulnerabilities.

🔒 Security Fixes

  • fix: guard regex matching against catastrophic backtracking (ReDoS) (#2018, backport of #2012) @​gnodet
  • fix: backport security hardening (#1986, #1995)
    • Create persisted history file with owner-only permissions
    • Use exclusive create for extracted native library temp files

🐛 Bug Fixes

  • fix: warn on insecure permissions when history file created concurrently @​gnodet

📦 Dependency Updates

  • chore: bump eu.maveniverse.maven.njord:extension3 from 0.9.8 to 0.9.9 (#1999)
  • chore: bump com.palantir.javaformat:palantir-java-format (#1991)
  • chore: bump actions/cache from 5 to 6 (#1989)

Full Changelog: jline/jline3@jline-3.30.14...jline-3.30.15

JLine 3.30.14

Bug Fixes

  • Fix swap rows/columns in openpty winsize constructor call (#1910)
  • Fix filter-by-commitish in 3.x release drafter config

Security

  • Limit telnet NEW-ENVIRON variable count and NAWS geometry bounds (backport of GHSA-47qp, GHSA-2r2c)

Dependency Upgrades

  • Bump Groovy from 4.0.31 to 4.0.32
  • Bump SLF4J from 2.0.17 to 2.0.18
  • Bump JNA from 5.18.1 to 5.19.1
  • Bump Apache SSHD from 2.17.1 to 2.18.0
  • Bump Spotless Maven Plugin from 3.4.0 to 3.7.0
  • Bump Palantir Java Format from 2.90.0 to 2.93.0
  • Bump GMavenPlus Plugin from 4.3.1 to 5.0.0
  • Bump Maven Enforcer Plugin from 3.6.2 to 3.6.3
  • Bump Maven Surefire Plugin from 3.5.5 to 3.5.6
  • Bump Maven Dependency Plugin from 3.10.0 to 3.11.0
  • Bump Njord Extension from 0.9.5 to 0.9.8
  • Bump actions/checkout from 6 to 7
Commits
  • b880666 [maven-release-plugin] prepare release jline-3.30.15
  • 341ee69 fix: guard regex matching against catastrophic backtracking (ReDoS)
  • 1d12a0d fix: warn on insecure permissions when history file created concurrently
  • e307915 fix: backport security hardening to jline-3.x (#1986, #1995)
  • 6212e6c chore: Bump eu.maveniverse.maven.njord:extension3 from 0.9.8 to 0.9.9 (#1999)
  • 6c80118 chore: Bump com.palantir.javaformat:palantir-java-format (#1991)
  • 04287c4 chore: Bump actions/cache from 5 to 6 (#1989)
  • febc3b3 [maven-release-plugin] prepare for next development iteration
  • c02dd46 [maven-release-plugin] prepare release jline-3.30.14
  • 3ea9cad Merge pull request #2000 from jline/backport/jline-3.x/telnet-security-fixes
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 11, 2026
Bumps [org.jline:jline](https://github.com/jline/jline3) from 3.30.13 to 3.30.15.
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@jline-3.30.13...jline-3.30.15)

---
updated-dependencies:
- dependency-name: org.jline:jline
  dependency-version: 3.30.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot-maven-org.jline-jline-3.30.15 branch from 45e6e80 to f77f8b8 Compare July 11, 2026 07:17
@adoroszlai adoroszlai changed the title Bump org.jline:jline from 3.30.13 to 3.30.15 HDDS-15830. Bump jline to 3.30.15 Jul 11, 2026
@adoroszlai adoroszlai merged commit 5b803eb into master Jul 11, 2026
45 of 47 checks passed
@dependabot dependabot Bot deleted the dependabot-maven-org.jline-jline-3.30.15 branch July 11, 2026 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant