Skip to content

Explicit Kotlin version needs to be removed from Pulsar 4.0 or needs to be upgraded to 2.3.21 #25763

Open
Open
Explicit Kotlin version needs to be removed from Pulsar 4.0 or needs to be upgraded to 2.3.21#25763
Labels
type/enhancementThe enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages
@adarshhm6

Description

@adarshhm6
adarshhm6
opened on May 13, 2026

Search before reporting

  • I searched in the issues and found nothing similar.

Motivation

okio and kotlin version was explicitly added to mitigate the CVE's where these dependencies were brought by okhttp3.

<okio.version>3.16.3</okio.version>

<kotlin-stdlib.version>1.8.20</kotlin-stdlib.version>

Solution

Since okhttp3 is upgraded now to 5.3, explicit versions are necessary? Can it be removed? If not can we increase the kotlin version explicitly to 2.3.21?

Alternatives

No response

Anything else?

No response

Are you willing to submit a PR?

  • I'm willing to submit a PR!

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/enhancementThe enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions