From 0ba928dbfc4c6f0b80dbfa74efe7ddfc56636cc3 Mon Sep 17 00:00:00 2001
From: David Zane <davizane@amazon.com>
Date: Thu, 17 Jul 2025 16:58:37 -0700
Subject: [PATCH] Fix CVE-2025-27820 and CVE-2025-48734

Signed-off-by: David Zane <davizane@amazon.com>
---
 build.gradle | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/build.gradle b/build.gradle
index 04d04b25..b5117f2b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -6,6 +6,7 @@ import java.nio.file.Paths
 import java.util.concurrent.Callable
 import java.util.stream.Collectors
 
+
 buildscript {
   ext {
     opensearch_version = System.getProperty("opensearch.version", "2.19.3-SNAPSHOT")
@@ -41,6 +42,32 @@ plugins {
   id 'checkstyle'
 }
 
+configurations.all {
+  resolutionStrategy {
+    eachDependency { DependencyResolveDetails details ->
+      if (details.requested.group == 'org.apache.httpcomponents.client5' &&
+        details.requested.name == 'httpclient5') {
+        details.useVersion '5.4.4'
+      }
+      if (details.requested.group == 'org.apache.httpcomponents.core5' &&
+        details.requested.name == 'httpcore5-h2') {
+        details.useVersion '5.3.4'
+      }
+      if (details.requested.group == 'org.apache.httpcomponents.core5' &&
+        details.requested.name == 'httpcore5') {
+        details.useVersion '5.3.4'
+      }
+      if (details.requested.group == 'commons-beanutils') {
+        details.useVersion '1.11.0'
+      }
+      if (details.requested.group == 'org.apache.commons' &&
+        details.requested.name == 'commons-beanutils2') {
+        details.useVersion '2.0.0-M2'
+      }
+    }
+  }
+}
+
 apply plugin: 'java'
 apply plugin: 'idea'
 apply plugin: 'eclipse'