VULN UPGRADE: minor upgrades — 42 packages (minor: 9 · patch: 33) [utils/build]#6301

Open
campaigner-prod[bot] wants to merge 1 commit into main from engraver-auto-version-upgrade/minorpatch/maven/build/0-1770982118

@campaigner-prod

Summary: Critical-severity security update — 95 packages upgraded (MINOR changes included)

Manifests changed:

  • utils/build (maven)

Updates

Package From To Type Vulnerabilities Fixed
org.postgresql:postgresql 42.6.0 42.6.2 patch 2 CRITICAL
org.postgresql:postgresql 42.6.0 42.6.2 patch 2 CRITICAL
org.scala-lang:scala-library 2.13.8 2.13.18 patch 2 CRITICAL
com.fasterxml.jackson.core:jackson-databind 2.10.3 2.21.0 minor 10 HIGH
com.fasterxml.jackson.core:jackson-databind 2.12.3 2.21.0 minor 8 HIGH
ch.qos.logback:logback-classic 1.2.11 1.2.13 patch 2 HIGH
com.google.protobuf:protobuf-java 3.25.3 3.25.8 patch 2 HIGH
com.google.protobuf:protobuf-java 3.25.3 3.25.8 patch 2 HIGH
com.mysql:mysql-connector-j 8.0.33 8.4.0 minor 1 HIGH
com.mysql:mysql-connector-j 8.0.33 8.4.0 minor 1 HIGH
org.bouncycastle:bcprov-jdk18on 1.74 1.83 minor 5 MODERATE
org.bouncycastle:bcprov-jdk18on 1.74 1.83 minor 5 MODERATE
org.bouncycastle:bcprov-jdk18on 1.74 1.83 minor 5 MODERATE
org.bouncycastle:bcprov-jdk18on 1.74 1.83 minor 5 MODERATE
io.vertx:vertx-core 4.4.0 4.4.9 patch 3 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
org.apache.commons:commons-lang3 3.17.0 3.20.0 minor 2 MODERATE
io.vertx:vertx-core 3.9.13 3.9.16 patch 2 MODERATE
io.vertx:vertx-web 4.4.0 4.4.9 patch 2 MODERATE, 2 LOW
io.vertx:vertx-web 3.9.13 3.9.16 patch 2 MODERATE, 2 LOW
org.apache.httpcomponents:httpclient 4.5.4 4.5.14 patch 2 MODERATE
org.apache.httpcomponents:httpclient 4.5.4 4.5.14 patch 2 MODERATE
ch.qos.logback:logback-classic 1.4.14 1.5.28 minor -
com.datastax.oss:java-driver-core 4.13.0 4.17.0 minor -
com.datastax.oss:java-driver-core 4.13.0 4.17.0 minor -
com.squareup.okhttp3:okhttp 4.9.3 4.12.0 minor -
dev.openfeature:sdk 1.18.2 1.20.1 minor -
dev.openfeature:sdk 1.18.2 1.20.1 minor -
io.opentelemetry:opentelemetry-api 1.41.0 1.59.0 minor -
io.opentelemetry:opentelemetry-api 1.45.0 1.59.0 minor -
io.opentelemetry:opentelemetry-api 1.41.0 1.59.0 minor -
io.opentelemetry:opentelemetry-sdk-logs 1.26.0-alpha 1.58.0 minor -
com.fasterxml.jackson.core:jackson-core 2.17.1 2.17.3 patch -
com.fasterxml.jackson.core:jackson-core 2.18.3 2.18.5 patch -
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.12.6 2.12.7 patch -
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.12.6 2.12.7 patch -
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.10.3 2.10.5 patch -
com.fasterxml.jackson.module:jackson-module-scala_2.13 2.13.4 2.13.5 patch -
com.sun.xml.bind:jaxb-impl 2.3.0 2.3.9 patch -
com.sun.xml.bind:jaxb-impl 3.0.1 3.0.2 patch -
com.sun.xml.bind:jaxb-impl 2.3.0 2.3.9 patch -
com.typesafe.akka:akka-actor_2.13 2.8.0 2.8.8 patch -
com.typesafe.akka:akka-http-jackson_2.13 10.5.0 10.5.3 patch -
com.typesafe.akka:akka-http-xml_2.13 10.5.0 10.5.3 patch -
com.typesafe.akka:akka-http_2.13 10.5.0 10.5.3 patch -
com.typesafe.akka:akka-slf4j_2.13 2.8.0 2.8.8 patch -
com.typesafe.akka:akka-stream_2.13 2.8.0 2.8.8 patch -
com.typesafe.play:play-ahc-ws_2.13 2.8.20 2.8.22 patch -
com.typesafe.play:play-akka-http-server_2.13 2.8.20 2.8.22 patch -
com.typesafe.play:play-guice_2.13 2.8.20 2.8.22 patch -
com.typesafe.play:play-logback_2.13 2.8.20 2.8.22 patch -
com.typesafe.play:play_2.13 2.8.20 2.8.22 patch -
com.unboundid:unboundid-ldapsdk 6.0.8 6.0.11 patch -
com.unboundid:unboundid-ldapsdk 6.0.8 6.0.11 patch -
com.unboundid:unboundid-ldapsdk 6.0.8 6.0.11 patch -
com.unboundid:unboundid-ldapsdk 6.0.8 6.0.11 patch -
com.unboundid:unboundid-ldapsdk 6.0.8 6.0.11 patch -
com.unboundid:unboundid-ldapsdk 6.0.8 6.0.11 patch -
com.unboundid:unboundid-ldapsdk 6.0.9 6.0.11 patch -
io.asyncer:r2dbc-mysql 1.3.0 1.3.2 patch -
io.asyncer:r2dbc-mysql 1.3.0 1.3.2 patch -
io.projectreactor:reactor-core 3.6.11 3.6.18 patch -
io.projectreactor:reactor-core 3.6.11 3.6.18 patch -
javax.xml.bind:jaxb-api 2.3.0 2.3.1 patch -
javax.xml.bind:jaxb-api 2.2.5 2.2.12 patch -
javax.xml.bind:jaxb-api 2.3.0 2.3.1 patch -
javax.xml.bind:jaxb-api 2.3.0 2.3.1 patch -
javax.xml.bind:jaxb-api 2.3.0 2.3.1 patch -
ognl:ognl 3.3.2 3.3.5 patch -
ognl:ognl 3.3.2 3.3.5 patch -
org.hsqldb:hsqldb 2.7.1 2.7.4 patch -
org.hsqldb:hsqldb 2.7.1 2.7.4 patch -
org.hsqldb:hsqldb 2.7.2 2.7.4 patch -
org.hsqldb:hsqldb 2.7.1 2.7.4 patch -
org.hsqldb:hsqldb 2.7.1 2.7.4 patch -
org.hsqldb:hsqldb 2.7.1 2.7.4 patch -
org.hsqldb:hsqldb 2.7.1 2.7.4 patch -
org.mongodb:mongo-java-driver 3.12.10 3.12.14 patch -
org.mongodb:mongo-java-driver 3.12.10 3.12.14 patch -
org.slf4j:slf4j-api 2.0.16 2.0.17 patch -
software.amazon.awssdk:kinesis 2.17.85 2.17.295 patch -
software.amazon.awssdk:kinesis 2.17.85 2.17.295 patch -
software.amazon.awssdk:sns 2.17.85 2.17.295 patch -
software.amazon.awssdk:sns 2.17.85 2.17.295 patch -
software.amazon.awssdk:sqs 2.17.85 2.17.295 patch -
software.amazon.awssdk:sqs 2.17.85 2.17.295 patch -

Packages marked with "-" are updated due to dependency constraints.


Security Details

🚨 Critical & High Severity (32 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
org.postgresql:postgresql GHSA-24rp-q3w6-vc56 CRITICAL org.postgresql:postgresql vulnerable to SQL Injection via line comment generation 42.6.0 42.2.28
org.postgresql:postgresql CVE-2024-1597 CRITICAL - 42.6.0 -
org.postgresql:postgresql GHSA-24rp-q3w6-vc56 CRITICAL org.postgresql:postgresql vulnerable to SQL Injection via line comment generation 42.6.0 42.2.28
org.postgresql:postgresql CVE-2024-1597 CRITICAL - 42.6.0 -
org.scala-lang:scala-library CVE-2022-36944 CRITICAL - 2.13.8 -
org.scala-lang:scala-library GHSA-8qv5-68g4-248j CRITICAL Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization 2.13.8 2.13.9
ch.qos.logback:logback-classic GHSA-vmq6-5m68-f53m HIGH logback serialization vulnerability 1.2.11 1.3.12
ch.qos.logback:logback-classic CVE-2023-6378 HIGH - 1.2.11 -
com.fasterxml.jackson.core:jackson-databind GHSA-3x8x-79m2-3w2w HIGH jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode 2.12.3 2.12.6
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 HIGH - 2.12.3 -
com.fasterxml.jackson.core:jackson-databind GHSA-jjjh-jjxp-wpff HIGH Uncontrolled Resource Consumption in Jackson-databind 2.12.3 2.12.7.1
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 HIGH - 2.12.3 -
com.fasterxml.jackson.core:jackson-databind GHSA-rgv9-q543-rqg4 HIGH Uncontrolled Resource Consumption in FasterXML jackson-databind 2.12.3 2.12.7.1
com.fasterxml.jackson.core:jackson-databind GHSA-57j2-w4cx-62h2 HIGH Deeply nested json in jackson-databind 2.12.3 2.13.2.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 HIGH - 2.12.3 -
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 HIGH - 2.12.3 -
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 HIGH - 2.10.3 -
com.fasterxml.jackson.core:jackson-databind GHSA-288c-cq4h-88gq HIGH XML External Entity (XXE) Injection in Jackson Databind 2.10.3 2.6.7.4
com.fasterxml.jackson.core:jackson-databind GHSA-3x8x-79m2-3w2w HIGH jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode 2.10.3 2.12.6
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 HIGH - 2.10.3 -
com.fasterxml.jackson.core:jackson-databind GHSA-rgv9-q543-rqg4 HIGH Uncontrolled Resource Consumption in FasterXML jackson-databind 2.10.3 2.12.7.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 HIGH - 2.10.3 -
com.fasterxml.jackson.core:jackson-databind GHSA-57j2-w4cx-62h2 HIGH Deeply nested json in jackson-databind 2.10.3 2.13.2.1
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 HIGH - 2.10.3 -
com.fasterxml.jackson.core:jackson-databind GHSA-jjjh-jjxp-wpff HIGH Uncontrolled Resource Consumption in Jackson-databind 2.10.3 2.12.7.1
com.fasterxml.jackson.core:jackson-databind CVE-2020-25649 HIGH - 2.10.3 -
com.google.protobuf:protobuf-java GHSA-735f-pc8j-v9w8 HIGH protobuf-java has potential Denial of Service issue 3.25.3 3.25.5
com.google.protobuf:protobuf-java CVE-2024-7254 HIGH - 3.25.3 -
com.google.protobuf:protobuf-java GHSA-735f-pc8j-v9w8 HIGH protobuf-java has potential Denial of Service issue 3.25.3 3.25.5
com.google.protobuf:protobuf-java CVE-2024-7254 HIGH - 3.25.3 -
com.mysql:mysql-connector-j GHSA-m6vm-37g8-gqvh HIGH MySQL Connectors takeover vulnerability 8.0.33 8.2.0
com.mysql:mysql-connector-j GHSA-m6vm-37g8-gqvh HIGH MySQL Connectors takeover vulnerability 8.0.33 8.2.0
ℹ️ Other Vulnerabilities (59)
Package CVE Severity Summary Unsafe Version Fixed In
io.vertx:vertx-core GHSA-cphf-4846-3xx9 MODERATE Vert.x Web static handler component cache can be manipulated to deny the access to static files 3.9.13 4.5.24
io.vertx:vertx-core CVE-2026-1002 MODERATE - 3.9.13 -
io.vertx:vertx-core GHSA-cphf-4846-3xx9 MODERATE Vert.x Web static handler component cache can be manipulated to deny the access to static files 4.4.0 4.5.24
io.vertx:vertx-core CVE-2026-1002 MODERATE - 4.4.0 -
io.vertx:vertx-core GHSA-9ph3-v2vh-3qx7 MODERATE Eclipse Vert.x vulnerable to a memory leak in TCP servers 4.4.0 4.4.8
io.vertx:vertx-web GHSA-h5fg-jpgr-rv9c MODERATE Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories 3.9.13 4.5.22
io.vertx:vertx-web CVE-2025-11965 MODERATE - 3.9.13 -
io.vertx:vertx-web GHSA-h5fg-jpgr-rv9c MODERATE Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories 4.4.0 4.5.22
io.vertx:vertx-web CVE-2025-11965 MODERATE - 4.4.0 -
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 GHSA-j288-q9x7-2f5v MODERATE Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 3.17.0 3.18.0
org.apache.commons:commons-lang3 CVE-2025-48924 MODERATE - 3.17.0 -
org.apache.httpcomponents:httpclient GHSA-7r82-7xv7-xcpj MODERATE Cross-site scripting in Apache HttpClient 4.5.4 4.5.13
org.apache.httpcomponents:httpclient CVE-2020-13956 MODERATE - 4.5.4 -
org.apache.httpcomponents:httpclient CVE-2020-13956 MODERATE - 4.5.4 -
org.apache.httpcomponents:httpclient GHSA-7r82-7xv7-xcpj MODERATE Cross-site scripting in Apache HttpClient 4.5.4 4.5.13
org.bouncycastle:bcprov-jdk18on GHSA-v435-xc8x-wvr9 MODERATE Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-m44j-cfrm-g8qc MODERATE Bouncy Castle crafted signature and public key can be used to trigger an infinite loop 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-4h8f-2wvx-gg5w MODERATE Bouncy Castle Java Cryptography API vulnerable to DNS poisoning 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-8xfc-gm6g-vgpv MODERATE Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-67mf-3cr5-8w23 MODERATE Bouncy Castle for Java on All (API modules) allows Excessive Allocation 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-67mf-3cr5-8w23 MODERATE Bouncy Castle for Java on All (API modules) allows Excessive Allocation 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-8xfc-gm6g-vgpv MODERATE Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-v435-xc8x-wvr9 MODERATE Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-4h8f-2wvx-gg5w MODERATE Bouncy Castle Java Cryptography API vulnerable to DNS poisoning 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-m44j-cfrm-g8qc MODERATE Bouncy Castle crafted signature and public key can be used to trigger an infinite loop 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-67mf-3cr5-8w23 MODERATE Bouncy Castle for Java on All (API modules) allows Excessive Allocation 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-8xfc-gm6g-vgpv MODERATE Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-v435-xc8x-wvr9 MODERATE Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-4h8f-2wvx-gg5w MODERATE Bouncy Castle Java Cryptography API vulnerable to DNS poisoning 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-m44j-cfrm-g8qc MODERATE Bouncy Castle crafted signature and public key can be used to trigger an infinite loop 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-v435-xc8x-wvr9 MODERATE Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-67mf-3cr5-8w23 MODERATE Bouncy Castle for Java on All (API modules) allows Excessive Allocation 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-8xfc-gm6g-vgpv MODERATE Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-4h8f-2wvx-gg5w MODERATE Bouncy Castle Java Cryptography API vulnerable to DNS poisoning 1.74 1.78
org.bouncycastle:bcprov-jdk18on GHSA-m44j-cfrm-g8qc MODERATE Bouncy Castle crafted signature and public key can be used to trigger an infinite loop 1.74 1.78
io.vertx:vertx-web CVE-2025-11966 LOW - 3.9.13 -
io.vertx:vertx-web GHSA-45p5-v273-3qqr LOW Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names 3.9.13 4.5.22
io.vertx:vertx-web CVE-2025-11966 LOW - 4.4.0 -
io.vertx:vertx-web GHSA-45p5-v273-3qqr LOW Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names 4.4.0 4.5.22
⚠️ Dependencies that have Reached EOL (38)
Dependency Unsafe Version EOL Date New Version Path
ch.qos.logback:logback-classic 1.2.11 - 1.2.13 utils/build/docker/java/akka-http/pom.xml
ch.qos.logback:logback-classic 1.4.14 - 1.5.28 utils/build/docker/java/spring-boot-3-native/pom.xml
com.datastax.oss:java-driver-core 4.13.0 - 4.17.0 utils/build/docker/java/spring-boot/pom.xml
com.datastax.oss:java-driver-core 4.13.0 - 4.17.0 utils/build/docker/java_otel/spring-boot/pom.xml
com.fasterxml.jackson.core:jackson-core 2.18.3 - 2.18.5 utils/build/docker/java/ratpack/pom.xml
com.fasterxml.jackson.core:jackson-core 2.17.1 - 2.17.3 utils/build/docker/java/resteasy-netty3/pom.xml
com.fasterxml.jackson.core:jackson-databind 2.12.3 - 2.21.0 utils/build/docker/java/jersey-grizzly2/pom.xml
com.fasterxml.jackson.core:jackson-databind 2.10.3 - 2.21.0 utils/build/docker/java/ratpack/pom.xml
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.10.3 - 2.10.5 utils/build/docker/java/ratpack/pom.xml
com.squareup.okhttp3:okhttp 4.9.3 - 4.12.0 utils/build/docker/java/spring-boot/pom.xml
com.sun.xml.bind:jaxb-impl 3.0.1 - 3.0.2 utils/build/docker/java/jersey-grizzly2/pom.xml
com.sun.xml.bind:jaxb-impl 2.3.0 - 2.3.9 utils/build/docker/java/vertx3/pom.xml
com.sun.xml.bind:jaxb-impl 2.3.0 - 2.3.9 utils/build/docker/java/vertx4/pom.xml
io.opentelemetry:opentelemetry-api 1.45.0 - 1.59.0 utils/build/docker/java/parametric/pom.xml
io.opentelemetry:opentelemetry-api 1.41.0 - 1.59.0 utils/build/docker/java/spring-boot/pom.xml
io.opentelemetry:opentelemetry-api 1.41.0 - 1.59.0 utils/build/docker/java_otel/spring-boot/pom.xml
io.vertx:vertx-core 4.4.0 - 4.4.9 utils/build/docker/java/vertx4/pom.xml
io.vertx:vertx-web 4.4.0 - 4.4.9 utils/build/docker/java/vertx4/pom.xml
javax.xml.bind:jaxb-api 2.3.0 - 2.3.1 utils/build/docker/java/akka-http/pom.xml
javax.xml.bind:jaxb-api 2.3.0 - 2.3.1 utils/build/docker/java/jersey-grizzly2/pom.xml
javax.xml.bind:jaxb-api 2.2.5 - 2.2.12 utils/build/docker/java/resteasy-netty3/pom.xml
javax.xml.bind:jaxb-api 2.3.0 - 2.3.1 utils/build/docker/java/vertx3/pom.xml
javax.xml.bind:jaxb-api 2.3.0 - 2.3.1 utils/build/docker/java/vertx4/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/akka-http/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/jersey-grizzly2/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/parametric/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/play/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/ratpack/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/resteasy-netty3/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/spring-boot-3-native/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/spring-boot/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/vertx3/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java/vertx4/pom.xml
org.apache.commons:commons-lang3 3.17.0 - 3.20.0 utils/build/docker/java_otel/spring-boot/pom.xml
org.apache.httpcomponents:httpclient 4.5.4 - 4.5.14 utils/build/docker/java/spring-boot/pom.xml
org.apache.httpcomponents:httpclient 4.5.4 - 4.5.14 utils/build/docker/java_otel/spring-boot/pom.xml
org.scala-lang:scala-library 2.13.8 Jun 7, 2024 2.13.18 utils/build/docker/java/play/pom.xml
org.slf4j:slf4j-api 2.0.16 - 2.0.17 utils/build/docker/java/spring-boot-3-native/pom.xml

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System

@dd-prapprover
dd-prapprover bot commented Feb 13, 2026

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

🔗 Workflow Link

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-02-13T11:29:03Z
  • ⬜ CI tests passed
  • ⬜ Approved
  • ⬜ Merge Started
  • ⬜ Merged

➡️ Current phase: CI tests failed, please fix and re-trigger

@github-actions

CODEOWNERS have been resolved as:

utils/build/docker/java/akka-http/pom.xml                               @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java/jersey-grizzly2/pom.xml                         @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java/parametric/pom.xml                              @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java/play/pom.xml                                    @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java/ratpack/pom.xml                                 @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java/resteasy-netty3/pom.xml                         @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java/spring-boot-3-native/pom.xml                    @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java/spring-boot/pom.xml                             @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java/vertx3/pom.xml                                  @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java/vertx4/pom.xml                                  @DataDog/apm-java @DataDog/asm-java @DataDog/system-tests-core
utils/build/docker/java_otel/spring-boot-native/pom.xml                 @DataDog/opentelemetry @DataDog/system-tests-core
utils/build/docker/java_otel/spring-boot/pom.xml                        @DataDog/opentelemetry @DataDog/system-tests-core

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dc7e034b9c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

<groupId>io.opentelemetry</groupId>
<artifactId>opentelemetry-sdk-logs</artifactId>
<version>1.26.0-alpha</version>
<version>1.58.0</version>
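
Review bot: `<version>1.58.0</version>` is set as a literal on `opentelemetry-sdk-logs` alone, and it replaces a pre-release (`1.26.0-alpha`) with a release, which the update table above files as a "minor" upgrade. A move off an `-alpha` line should be reviewed as a potentially breaking change rather than treated as a routine minor bump; consider holding the version in one shared Maven property (or a managed BOM import) in this pom.xml so the OpenTelemetry artifacts in the module can only move together, and confirm the module still builds and starts before merging.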

[P1] Keep OTel log artifacts on a single version line

This update moves only opentelemetry-sdk-logs to 1.58.0 while opentelemetry-api-logs and opentelemetry-exporter-otlp-logs stay on 1.26.0-alpha; before this commit all three were aligned. The Spring Boot native app builds a logging pipeline (SdkLoggerProvider + OTLP log exporter), so mixing a stable 1.58 SDK with 1.26-alpha log API/exporter artifacts can introduce runtime linkage failures (e.g., NoSuchMethodError/NoClassDefFoundError) when logs are initialized.

@datadog-official
datadog-official bot commented Feb 13, 2026

⚠️ Tests

⚠️ Warnings

❄️ 18 New flaky tests detected

tests.appsec.test_blocking_addresses.Test_Blocking_client_ip.test_blocking_before[envoy] from system_tests_suite (Datadog) (Fix with Cursor)
ValueError: No appsec event validate this condition

self = <tests.appsec.test_blocking_addresses.Test_Blocking_client_ip object at 0x7f7f190bfb00>

    def test_blocking_before(self):
        """Test that blocked requests are blocked before being processed"""
        # second request should block and must not set the tag in span
        assert self.block_req2.status_code == 403
>       interfaces.library.assert_waf_attack(self.block_req2, rule="blk-001-001")

...
tests.appsec.test_blocking_addresses.Test_Blocking_client_ip.test_blocking[envoy] from system_tests_suite (Datadog) (Fix with Cursor)
ValueError: No appsec event validate this condition

self = <tests.appsec.test_blocking_addresses.Test_Blocking_client_ip object at 0x7f7f190bfa40>

    def test_blocking(self):
        """Can block the request forwarded for the ip"""
    
        assert self.rm_req_block.status_code == 403
>       interfaces.library.assert_waf_attack(self.rm_req_block, rule="blk-001-001")

...
tests.appsec.test_blocking_addresses.Test_Blocking_client_ip_with_forwarded.test_blocking_before[envoy] from system_tests_suite (Datadog) (Fix with Cursor)
ValueError: No appsec event validate this condition

self = <tests.appsec.test_blocking_addresses.Test_Blocking_client_ip_with_forwarded object at 0x7f7f190e00b0>

    def test_blocking_before(self):
        """Test that blocked requests are blocked before being processed"""
        # second request should block and must not set the tag in span
        assert self.block_req2.status_code == 403
>       interfaces.library.assert_waf_attack(self.block_req2, rule="blk-001-001")

...
ℹ️ Info

🧪 All tests passed

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: dc7e034
