
Fix vulnerabilities CVE-2025-25193 & CVE-2025-24970 in Netty and CVE-2025-48734 in commons-beanutils #233

@kaklakariada

Description


See https://github.com/exasol/spark-connector/actions/runs/15647531713/job/44087409408:

Error:  Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project spark-connector-jdbc_2.13: Detected 4 vulnerable components:
Error:    commons-beanutils:commons-beanutils:jar:1.9.4:provided; https://ossindex.sonatype.org/component/pkg:maven/commons-beanutils/commons-beanutils@1.9.4?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2025-48734] CWE-284: Improper Access Control (8.8); https://ossindex.sonatype.org/vulnerability/CVE-2025-48734?component-type=maven&component-name=commons-beanutils%2Fcommons-beanutils&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    com.exasol:exasol-jdbc:jar:24.2.1:compile; https://ossindex.sonatype.org/component/pkg:maven/com.exasol/exasol-jdbc@24.2.1?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2024-55551] CWE-471: Modification of Assumed-Immutable Data (MAID) (9.2); https://ossindex.sonatype.org/vulnerability/CVE-2024-55551?component-type=maven&component-name=com.exasol%2Fexasol-jdbc&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    io.netty:netty-common:jar:4.1.116.Final:provided; https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-common@4.1.116.Final?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2025-25193] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (5.5); https://ossindex.sonatype.org/vulnerability/CVE-2025-25193?component-type=maven&component-name=io.netty%2Fnetty-common&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    io.netty:netty-handler:jar:4.1.116.Final:provided; https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.116.Final?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2025-24970] CWE-20: Improper Input Validation (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2025-24970?component-type=maven&component-name=io.netty%2Fnetty-handler&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1

Also upgrade Project Keeper to the latest version in order to use the new automatic dependency update mechanism.
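To triage a report in this format before opening the upgrade PR, here is an added example (not part of this issue or of the spark-connector project) that parses the ossindex-maven-plugin output quoted above into components and their CVEs and ranks the findings by CVSS score; the sample log is constructed from the lines above with the URL tracking parameters dropped.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the ossindex-maven-plugin lines quoted in the issue (URL tracking parameters dropped).
AUDIT_LOG = """\
Error:  Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project spark-connector-jdbc_2.13: Detected 4 vulnerable components:
Error:    commons-beanutils:commons-beanutils:jar:1.9.4:provided; https://ossindex.sonatype.org/component/pkg:maven/commons-beanutils/commons-beanutils@1.9.4
Error:      * [CVE-2025-48734] CWE-284: Improper Access Control (8.8); https://ossindex.sonatype.org/vulnerability/CVE-2025-48734
Error:    com.exasol:exasol-jdbc:jar:24.2.1:compile; https://ossindex.sonatype.org/component/pkg:maven/com.exasol/exasol-jdbc@24.2.1
Error:      * [CVE-2024-55551] CWE-471: Modification of Assumed-Immutable Data (MAID) (9.2); https://ossindex.sonatype.org/vulnerability/CVE-2024-55551
Error:    io.netty:netty-common:jar:4.1.116.Final:provided; https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-common@4.1.116.Final
Error:      * [CVE-2025-25193] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (5.5); https://ossindex.sonatype.org/vulnerability/CVE-2025-25193
Error:    io.netty:netty-handler:jar:4.1.116.Final:provided; https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.116.Final
Error:      * [CVE-2025-24970] CWE-20: Improper Input Validation (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2025-24970
"""

# Component line: "Error:    group:artifact:packaging:version:scope; <url>"; vulnerability line: "Error:      * [CVE-id] CWE-n: title (cvss); <url>"
COMPONENT_RE = re.compile(r"^Error:\s+(?P<group>[^:\s]+):(?P<artifact>[^:]+):[^:]+:(?P<version>[^:]+):(?P<scope>[^;]+);")
VULN_RE = re.compile(r"^Error:\s+\* \[(?P<id>[^\]]+)\] (?P<cwe>CWE-\d+): (?P<title>.*) \((?P<score>\d+(?:\.\d+)?)\);")

@dataclass
class Vulnerability:
    cve: str
    cwe: str
    title: str
    score: float  # CVSS score as reported by OSS Index

@dataclass
class Component:
    coordinates: str  # group:artifact:version
    scope: str        # Maven scope: compile, provided, test, ...
    vulns: list = field(default_factory=list)

def parse_audit(log: str) -> list:
    """Group each '* [CVE-...]' line under the component line that precedes it; other lines are ignored."""
    components = []
    for line in log.splitlines():
        if m := COMPONENT_RE.match(line):
            components.append(Component(f"{m['group']}:{m['artifact']}:{m['version']}", m['scope']))
        elif m := VULN_RE.match(line):
            if not components:
                raise ValueError("vulnerability line before any component line")
            components[-1].vulns.append(Vulnerability(m['id'], m['cwe'], m['title'], float(m['score'])))
    return components

def findings_at_or_above(components: list, threshold: float) -> list:
    """(coordinates, scope, cve, score) for every finding at or above threshold, highest score first."""
    rows = [(c.coordinates, c.scope, v.cve, v.score) for c in components for v in c.vulns if v.score >= threshold]
    return sorted(rows, key=lambda r: r[3], reverse=True)
```

Calling `findings_at_or_above(parse_audit(AUDIT_LOG), 7.0)` lists the three findings at CVSS 7.0 or higher, with the `compile`-scoped exasol-jdbc one first; the scope column shows which dependencies actually ship with the artifact and which are only `provided`.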

Labels: security (Security related change)