Skip to content

chore(deps): bump the maven-dependencies group across 1 directory with 18 updates#2823

Merged
boris-petrov merged 1 commit into
mainfrom
dependabot/maven/maven-dependencies-89b8cae3fa
Jul 6, 2026
Merged

chore(deps): bump the maven-dependencies group across 1 directory with 18 updates#2823
boris-petrov merged 1 commit into
mainfrom
dependabot/maven/maven-dependencies-89b8cae3fa

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the maven-dependencies group with 18 updates in the / directory:

Package From To
org.apache:apache 38 39
com.puppycrawl.tools:checkstyle 13.6.0 13.7.0
org.junit.jupiter:junit-jupiter-api 6.1.0 6.1.1
org.junit.jupiter:junit-jupiter-engine 6.1.0 6.1.1
org.junit.jupiter:junit-jupiter-params 6.1.0 6.1.1
org.junit.platform:junit-platform-engine 6.1.0 6.1.1
org.junit.platform:junit-platform-commons 6.1.0 6.1.1
ch.qos.logback:logback-core 1.5.34 1.5.37
ch.qos.logback:logback-classic 1.5.34 1.5.37
org.hibernate.orm:hibernate-core 7.4.1.Final 7.4.3.Final
org.apache.tomcat.embed:tomcat-embed-core 11.0.22 11.0.23
org.apache.tomcat.embed:tomcat-embed-el 11.0.22 11.0.23
org.apache.tomcat.embed:tomcat-embed-websocket 11.0.22 11.0.23
org.apache.tomcat:tomcat-jaspic-api 11.0.22 11.0.23
org.apache.tomcat:tomcat-catalina 11.0.22 11.0.23
org.apache.tomcat:tomcat-jasper 11.0.22 11.0.23
org.apache.tomcat:tomcat-jasper-el 11.0.22 11.0.23
fish.payara.extras:payara-micro 7.2026.5 7.2026.6

Updates org.apache:apache from 38 to 39

Release notes

Sourced from org.apache:apache's releases.

Apache Parent POM version 39

see push-to-atr profile integration documentation for more details: https://maven.apache.org/pom/asf/#the-push-to-atr-profile

🚀 New features and improvements

👻 Maintenance

📦 Dependency updates

Commits

Updates com.puppycrawl.tools:checkstyle from 13.6.0 to 13.7.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-13.7.0

Checkstyle 13.7.0 - https://checkstyle.org/releasenotes.html#Release_13.7.0

New:

#20357 - UnusedLocalVariable: new property jdkVersion to allow unused named pattern matching variables for pre-Java 22 code. #19148 - update MissingJavadocMethodCheck to use AST of javadoc. #19144 - update JavadocMethod to use AST of javadoc. #19889 - OverloadMethodsDeclarationOrder: new property required to order overloaded methods according to increasing parameter count.

Bug fixes:

#20395 - Javadoc parse error on @link label containing Java array initializer braces. #20452 - Add checks for OpenJDK style §4.6 - Constants. #20462 - Fix default property validation in InlineConfigParser. #20437 - Add checks for Openjdk style §3.8.3 - Wrapping Expressions. #19629 - Add checks for OpenJDK Style §3.5 - Modifiers. #20428 - Add checks for OpenJDK §3.4 - Class structure. #19623 - Add checks for OpenJDK Style §3.3 - Import statements. #20271 - UnnecessarySemicolonAfterTypeMemberDeclarationCheck: trailing semicolon after nested type not flagged in compact source files (JEP 512). #20223 - DeclarationOrderCheck: declaration order not enforced on top-level members in compact source files (JEP 512). #20219 - AnnotationLocationCheck: annotation on top-level variable not flagged in compact source files (JEP 512). #19805 - Add checks for OpenJDK Style §3.4.1 - Order of Constructors and Overloaded Methods. #20269 - UnnecessarySemicolonAfterOuterTypeDeclarationCheck reports false positive on JEP 512 compact source files. #20391 - Javadoc parse error while parsing formatted @value. #19915 - Documentation Comments Style Guide - Required Tags. #19972 - RequireThisCheck: NullPointerException on compact source files (JEP 512). #20385 - Add checks for OpenJDK Style §4.2 - Class, Interface and Enum Names. #20217 - InvalidJavadocPositionCheck: false positive on correctly-placed Javadoc in compact source files (JEP 512). #20093 - Add checks for OpenJDK Style §3.13 - Redundant Paranthesis. #20268 - OuterTypeNumberCheck reports false positive on JEP 512 compact source files. #20283 - Javadoc parse error for generic outer class inner-class link. #19835 - Documentation Comments Style Guide - First Sentence.

... (truncated)

Commits
  • be24005 [maven-release-plugin] prepare release checkstyle-13.7.0
  • aceb637 doc: release notes for 13.7.0
  • b1c826a Issue #20395: Fix Javadoc parse error on @​link label containing Java array in...
  • b7e64b5 Issue #16807: Specify all default properties in RedundantModifier tests
  • 07fb841 Issue #16807: Specify all default properties in AnnotationUtil tests
  • f5ef1d8 Issue #16807: Specify all default properties in JavadocStyle tests
  • 9fadf1e Issue #20473: Remove CirrusCI since it has shut down
  • d13b845 Issue #19764: Move violation comments out of Javadoc for JavadocMissingWhites...
  • e9a8cd5 Issue #20452: Added checks for constants
  • e111596 Issue #11163: Split InputJavadocTagContinuationIndentation.java to resolve Fi...
  • Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-api from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter-api's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-engine from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter-engine's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-params from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter-params's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates org.junit.platform:junit-platform-engine from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit.platform:junit-platform-engine's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates org.junit.platform:junit-platform-commons from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit.platform:junit-platform-commons's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-engine from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter-engine's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.34 to 1.5.37

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.37

2026-06-26 Release of logback version 1.5.37

• Given the numerous vulnerabilities related to conditional configuration processing based on the evaluation of Java expressions using the Janino library, support for such expressions has been removed. Users are offered the an online migration service or the element introduced in version 1.5.20. See the relevant documentation for more details.

• A bitwise identical binary of this version can be reproduced by building from source code at commit c1df7f522e648eec7b4ef6a12c8758fec0f00048 associated with the tag v_1.5.37. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.36

2026-06-25 Release of logback version 1.5.36

• The 'condition' attribute in <if> elements now reject certain references that are associated with ACE attacks. This issue was reported by "yulate" (yulate531@gmail.com.com) and registered as CVE-2026-13006.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 9b94c37562bf25a6a944146701d42ee6c4eee888 associated with the tag v_1.5.36. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.35

026-06-23 Release of logback version 1.5.35

• The 'condition' attribute in <if> elements now rejects unicode escape sequences (\u and \U). This closes a bypass of the existing prohibition on the new operator in Janino-evaluated conditions. This issue was reported by IcySun (icysun@qq.com) and registered as CVE-2026-13006.

• Added ConfiguratorRank.AUTHENTICATING (rank 100), the highest configurator rank, for certified/authenticating configurators discovered via the ServiceLoader mechanism. ContextInitializer now requires that at most one such configurator exist on the classpath; if more than one is found, initialization aborts with an error.

ConsoleCharsetPropertyDefiner is no longer shipped. The Java 21 multi-release compilation of logback-core has been disabled, which removes this class from the published artifact. Configurations that referenced ch.qos.logback.core.property.ConsoleCharsetPropertyDefiner will need an alternative approach for console charset detection.

• The logback-examples module is now included in artifacts published to Maven Central.

JoranConfigurator.makeAnotherInstance() and DefaultJoranConfigurator.performMultiStepConfigurationFileSearch() are now protected, allowing derived configurators to override these methods.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 08bd1598d565d83444f72983935e7da4746783b7 associated with the tag v_1.5.35. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

Updates ch.qos.logback:logback-classic from 1.5.34 to 1.5.37

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.37

2026-06-26 Release of logback version 1.5.37

• Given the numerous vulnerabilities related to conditional configuration processing based on the evaluation of Java expressions using the Janino library, support for such expressions has been removed. Users are offered the an online migration service or the element introduced in version 1.5.20. See the relevant documentation for more details.

• A bitwise identical binary of this version can be reproduced by building from source code at commit c1df7f522e648eec7b4ef6a12c8758fec0f00048 associated with the tag v_1.5.37. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.36

2026-06-25 Release of logback version 1.5.36

• The 'condition' attribute in <if> elements now reject certain references that are associated with ACE attacks. This issue was reported by "yulate" (yulate531@gmail.com.com) and registered as CVE-2026-13006.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 9b94c37562bf25a6a944146701d42ee6c4eee888 associated with the tag v_1.5.36. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.35

026-06-23 Release of logback version 1.5.35

• The 'condition' attribute in <if> elements now rejects unicode escape sequences (\u and \U). This closes a bypass of the existing prohibition on the new operator in Janino-evaluated conditions. This issue was reported by IcySun (icysun@qq.com) and registered as CVE-2026-13006.

• Added ConfiguratorRank.AUTHENTICATING (rank 100), the highest configurator rank, for certified/authenticating configurators discovered via the ServiceLoader mechanism. ContextInitializer now requires that at most one such configurator exist on the classpath; if more than one is found, initialization aborts with an error.

ConsoleCharsetPropertyDefiner is no longer shipped. The Java 21 multi-release compilation of logback-core has been disabled, which removes this class from the published artifact. Configurations that referenced ch.qos.logback.core.property.ConsoleCharsetPropertyDefiner will need an alternative approach for console charset detection.

• The logback-examples module is now included in artifacts published to Maven Central.

JoranConfigurator.makeAnotherInstance() and DefaultJoranConfigurator.performMultiStepConfigurationFileSearch() are now protected, allowing derived configurators to override these methods.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 08bd1598d565d83444f72983935e7da4746783b7 associated with the tag v_1.5.35. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

Updates org.hibernate.orm:hibernate-core from 7.4.1.Final to 7.4.3.Final

Release notes

Sourced from org.hibernate.orm:hibernate-core's releases.

Release 7.4.3

Hibernate ORM 7.4.3.Final released

Today, we published a new release of Hibernate ORM 7.4: 7.4.3.Final.

You can find the full list of 7.4.3.Final changes here.

What's new

  • See the website for requirements and compatibilities.
  • See the What's New guide for details about new features and capabilities.
  • See the Migration Guide for details about migration.

Conclusion

For additional details, see:

See also the following resources related to supported APIs:

Visit the website for details on getting in touch with us.

Release 7.4.2

Hibernate ORM 7.4.2.Final released

Today, we published a new release of Hibernate ORM 7.4: 7.4.2.Final.

You can find the full list of 7.4.2.Final changes here.

What's new

  • See the website for requirements and compatibilities.
  • See the What's New guide for details about new features and capabilities.
  • See the Migration Guide for details about migration.

Conclusion

... (truncated)

Changelog

Sourced from org.hibernate.orm:hibernate-core's changelog.

Changes in 7.4.3.Final (June 28, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/39790

** Bug * HHH-20621 NullPointerException in CacheEntityLoaderHelper.loadFromSessionCache with JOINED inheritance, lazy ManyToOne proxy to parent type, and join fetch on subtype query * HHH-20606 Single @Id from @MappedSuperclass is lost when an @IdClass entity shares the same superclass * HHH-20588 @​Formula properties generate invalid SQL when used with paginated queries that include collection fetches * HHH-20524 Inline dirty checking + @​DynamicUpdate: a dirty scalar sorting after a nested-embeddable path is omitted from the UPDATE (silent data loss)

** Improvement * HHH-20538 Improve AltibaseDialect compatibility with Hibernate ORM 8.0/7.4

** Task * HHH-20609 Guard against connection leaks

Changes in 7.4.2.Final (June 21, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/39622

** Bug * HHH-20587 Log "Attempt to stop an already-stopped RegionFactory" is a warning but should just be debug * HHH-20561 NullPointerException in Query.setCacheRetrieveMode() and Query.setCacheStoreMode() * HHH-20425 Identifier not detected while @Id is placed in @MappedSuperClass and combined with @Access

Commits
  • 50ecef7 [Jenkins release job] Preparing release 7.4.3.Final
  • b777101 [Jenkins release job] changelog.txt updated by release build 7.4.3.Final
  • d5b3846 Do not copy fonts into Javadoc jars
  • 6f9ceaf HHH-20621 Ensure proxy implementation is set when claiming existing EntityHolder
  • cb485a3 HHH-20621 Test polymorphic proxy find causing NPE
  • e3ca594 HHH-20538 Backport Altibase dialect fixes to 7.4
  • a16dc09 Align disabled tests with main branch
  • 5991bb7 Stop running CI on push and remove nightly CI runs
  • c05696e HHH-20606 Simplify check for identifier on MappedSuperclass
  • 35b56a8 HHH-20606 Add invalid entity id inheritance coverage
  • Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-params from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter-params's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates org.junit.platform:junit-platform-engine from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit.platform:junit-platform-engine's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates org.junit.platform:junit-platform-commons from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit.platform:junit-platform-commons's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates org.apache.tomcat.embed:tomcat-embed-core from 11.0.22 to 11.0.23

Updates org.apache.tomcat.embed:tomcat-embed-el from 11.0.22 to 11.0.23

Updates org.apache.tomcat.embed:tomcat-embed-websocket from 11.0.22 to 11.0.23

Updates org.apache.tomcat:tomcat-jaspic-api from 11.0.22 to 11.0.23

Updates org.apache.tomcat:tomcat-catalina from 11.0.22 to 11.0.23

Updates org.apache.tomcat:tomcat-jasper from 11.0.22 to 11.0.23

Updates org.apache.tomcat:tomcat-jasper-el from 11.0.22 to 11.0.23

Updates org.apache.tomcat.embed:tomcat-embed-el from 11.0.22 to 11.0.23

Updates org.apache.tomcat.embed:tomcat-embed-websocket from 11.0.22 to 11.0.23

Updates org.apache.tomcat:tomcat-jaspic-api from 11.0.22 to 11.0.23

Updates org.apache.tomcat:tomcat-catalina from 11.0.22 to 11.0.23

Updates fish.payara.extras:payara-micro from 7.2026.5 to 7.2026.6

Release notes

Sourced from fish.payara.extras:payara-micro's releases.

Azul Payara Community 7.2026.6

Supported APIs and Applications

  • Jakarta EE 11

  • Jakarta EE 11 Applications

  • MicroProfile 6.1

Security Fixes

  • [FISH-13637] Fix CSRF + SSRF in Admin Console / REST Management Interface

Bug Fixes

  • [FISH-10485] Fix Payara Micro Boot Properties Not Applied With the Right Timing

  • [FISH-11896] Fix Quoted-Argument Parsing in prebootCommandFile (asadmin) and PREBOOT_COMMANDS (Docker)

  • [FISH-12270] Fix Misleading Log Entries Generated While Configuring Additional Properties for Virtual Servers

  • [FISH-12800] Fix MicroProfile /metrics Endpoint Containing Duplicate Metrics

  • [FISH-13058] [Community Contribution - lprimak] Fix Missing JSESSIONIDVERSION Leading to Session Not Being Correctly Retrieved in Relaxed Mode

  • [FISH-13091] Assorted Deployment Group Fixes

  • [FISH-13137] Fix Prometheus Metrics to Report Histogram Times in Seconds

  • [FISH-13138] Fix Payara Micro’s --outputlauncher to Respect payara-boot.properties

  • [FISH-13400] Fix WELD-001408 Unsatisfied Dependency for Repository Injection in CDI Bean

  • [FISH-13447] Fix Micro NullPointerException with log-to-console Access Log Option

  • [FISH-13779] Fix Changing the Admin Password in the Admin Console Not Working

Improvements

  • [FISH-11606] Avoid Parsing Method Names on Every Jakarta Data HTTP Request

  • [FISH-12426] Reintroduce Standalone OpenMQ Support for Windows

  • [FISH-13097] Add Default OpenMQ Credentials Warning

  • [FISH-13339] Add warlibs Support to remove-library Command

... (truncated)

Commits
  • 1cb0ec9 Merge pull request #8241 from Pandrex247/FISH-13532-Windows-Release
  • 679c9f2 FISH-13532 Improve Windows SSH Node detection
  • 64a172a FISH-13532 SSH Node Liveness improvements
  • 92139ab FISH-13532 Fix copyright
  • 82207e6 Merge pull request #8239 from Pandrex247/FISH-13823-EDDSA
  • 7f165d5 FISH-13823 Replace eddsa with net-i2p-crypto-eddsa
  • d90e9fa Increment version numbers for Release
  • be83ab0 Merge pull request #8229 from raushan606/FISH-13637
  • b95e118 FISH-13637: Do not pass restUrl over request parameters
  • a67eae1 Merge pull request #8223 from felixif/FISH-13779
  • Additional commits viewable in compare view

Updates org.apache.tomcat:tomcat-jasper from 11.0.22 to 11.0.23

Updates org.apache.tomcat:tomcat-jasper-el from 11.0.22 to 11.0.23

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…h 18 updates

Bumps the maven-dependencies group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.apache:apache](https://github.com/apache/maven-apache-parent) | `38` | `39` |
| [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) | `13.6.0` | `13.7.0` |
| [org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit-framework) | `6.1.0` | `6.1.1` |
| [org.junit.jupiter:junit-jupiter-engine](https://github.com/junit-team/junit-framework) | `6.1.0` | `6.1.1` |
| [org.junit.jupiter:junit-jupiter-params](https://github.com/junit-team/junit-framework) | `6.1.0` | `6.1.1` |
| [org.junit.platform:junit-platform-engine](https://github.com/junit-team/junit-framework) | `6.1.0` | `6.1.1` |
| [org.junit.platform:junit-platform-commons](https://github.com/junit-team/junit-framework) | `6.1.0` | `6.1.1` |
| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.5.34` | `1.5.37` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.34` | `1.5.37` |
| [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) | `7.4.1.Final` | `7.4.3.Final` |
| org.apache.tomcat.embed:tomcat-embed-core | `11.0.22` | `11.0.23` |
| org.apache.tomcat.embed:tomcat-embed-el | `11.0.22` | `11.0.23` |
| org.apache.tomcat.embed:tomcat-embed-websocket | `11.0.22` | `11.0.23` |
| org.apache.tomcat:tomcat-jaspic-api | `11.0.22` | `11.0.23` |
| org.apache.tomcat:tomcat-catalina | `11.0.22` | `11.0.23` |
| org.apache.tomcat:tomcat-jasper | `11.0.22` | `11.0.23` |
| org.apache.tomcat:tomcat-jasper-el | `11.0.22` | `11.0.23` |
| [fish.payara.extras:payara-micro](https://github.com/payara/Payara) | `7.2026.5` | `7.2026.6` |



Updates `org.apache:apache` from 38 to 39
- [Release notes](https://github.com/apache/maven-apache-parent/releases)
- [Commits](https://github.com/apache/maven-apache-parent/commits)

Updates `com.puppycrawl.tools:checkstyle` from 13.6.0 to 13.7.0
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](checkstyle/checkstyle@checkstyle-13.6.0...checkstyle-13.7.0)

Updates `org.junit.jupiter:junit-jupiter-api` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `org.junit.jupiter:junit-jupiter-engine` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `org.junit.jupiter:junit-jupiter-params` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `org.junit.platform:junit-platform-engine` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `org.junit.platform:junit-platform-commons` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `org.junit.jupiter:junit-jupiter-engine` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `ch.qos.logback:logback-core` from 1.5.34 to 1.5.37
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.34...v_1.5.37)

Updates `ch.qos.logback:logback-classic` from 1.5.34 to 1.5.37
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.34...v_1.5.37)

Updates `org.hibernate.orm:hibernate-core` from 7.4.1.Final to 7.4.3.Final
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.4.3/changelog.txt)
- [Commits](hibernate/hibernate-orm@7.4.1...7.4.3)

Updates `org.junit.jupiter:junit-jupiter-params` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `org.junit.platform:junit-platform-engine` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `org.junit.platform:junit-platform-commons` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `org.apache.tomcat.embed:tomcat-embed-core` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat.embed:tomcat-embed-el` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat.embed:tomcat-embed-websocket` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat:tomcat-jaspic-api` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat:tomcat-catalina` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat:tomcat-jasper` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat:tomcat-jasper-el` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat.embed:tomcat-embed-el` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat.embed:tomcat-embed-websocket` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat:tomcat-jaspic-api` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat:tomcat-catalina` from 11.0.22 to 11.0.23

Updates `fish.payara.extras:payara-micro` from 7.2026.5 to 7.2026.6
- [Release notes](https://github.com/payara/Payara/releases)
- [Commits](payara/Payara@payara-server-7.2026.5...payara-server-7.2026.6)

Updates `org.apache.tomcat:tomcat-jasper` from 11.0.22 to 11.0.23

Updates `org.apache.tomcat:tomcat-jasper-el` from 11.0.22 to 11.0.23

---
updated-dependencies:
- dependency-name: org.apache:apache
  dependency-version: '39'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: maven-dependencies
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-version: 13.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-api
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-engine
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.junit.platform:junit-platform-engine
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.junit.platform:junit-platform-commons
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-engine
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.37
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.37
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.4.3.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.junit.platform:junit-platform-engine
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.junit.platform:junit-platform-commons
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat.embed:tomcat-embed-core
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat.embed:tomcat-embed-el
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat.embed:tomcat-embed-websocket
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat:tomcat-jaspic-api
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat:tomcat-catalina
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat:tomcat-jasper
  dependency-version: 11.0.23
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat:tomcat-jasper-el
  dependency-version: 11.0.23
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat.embed:tomcat-embed-el
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat.embed:tomcat-embed-websocket
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat:tomcat-jaspic-api
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat:tomcat-catalina
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: fish.payara.extras:payara-micro
  dependency-version: 7.2026.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat:tomcat-jasper
  dependency-version: 11.0.23
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.tomcat:tomcat-jasper-el
  dependency-version: 11.0.23
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 30, 2026
@github-actions github-actions Bot added xml and removed java Pull requests that update Java code labels Jun 30, 2026
@boris-petrov boris-petrov merged commit f698ce4 into main Jul 6, 2026
16 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/maven-dependencies-89b8cae3fa branch July 6, 2026 06:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file xml

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants