Skip to content

Bump MCP Java SDK from 1.1.0 to 1.1.1#26886

Merged
Vishnuujain merged 1 commit intomainfrom
fix/bump-mcp-sdk-1.1.1
Mar 31, 2026
Merged

Bump MCP Java SDK from 1.1.0 to 1.1.1#26886
Vishnuujain merged 1 commit intomainfrom
fix/bump-mcp-sdk-1.1.1

Conversation

@Vishnuujain
Copy link
Copy Markdown
Contributor

@Vishnuujain Vishnuujain commented Mar 31, 2026

Describe your changes:

Fixes https://github.com/open-metadata/OpenMetadata/security/dependabot/358

I worked on ... because ...

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

@Vishnuujain Vishnuujain added safe to test Add this label to run secure Github workflows on PRs To release Will cherry-pick this PR into the release branch labels Mar 31, 2026
@gitar-bot
Copy link
Copy Markdown

gitar-bot bot commented Mar 31, 2026
edited
Loading

Code Review ✅ Approved

Bumps MCP Java SDK from 1.1.0 to 1.1.1 to address CVE-2026-34237. No issues found.

Options

Display: compact → Showing less information.

Comment with these commands to change:

Compact 
gitar display:verbose

Was this helpful? React with 👍 / 👎 | Gitar

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Mar 31, 2026

Quality Gate Passed Quality Gate passed for 'open-metadata-ingestion'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 31, 2026

🟡 Playwright Results — all passed (23 flaky)

✅ 3443 passed · ❌ 0 failed · 🟡 23 flaky · ⏭️ 223 skipped

Shard Passed Failed Flaky Skipped
🟡 Shard 1 449 0 6 2
🟡 Shard 2 617 0 1 32
🟡 Shard 3 616 0 4 27
🟡 Shard 4 618 0 6 47
🟡 Shard 5 585 0 2 67
🟡 Shard 6 558 0 4 48
🟡 23 flaky test(s) (passed on retry)
  • Features/DataAssetRulesDisabled.spec.ts › Verify the Database Service entity item action after rules disabled (shard 1, 1 retry)
  • Features/DataAssetRulesDisabled.spec.ts › should allow multiple domain selection for glossary term when entity rules are disabled (shard 1, 1 retry)
  • Flow/Tour.spec.ts › Tour should work from help section (shard 1, 1 retry)
  • Flow/Tour.spec.ts › Tour should work from welcome screen (shard 1, 1 retry)
  • Flow/Tour.spec.ts › Tour should work from URL directly (shard 1, 2 retries)
  • Pages/UserCreationWithPersona.spec.ts › Create user with persona and verify on profile (shard 1, 1 retry)
  • Features/BulkEditEntity.spec.ts › Glossary (shard 2, 1 retry)
  • Features/Permissions/GlossaryPermissions.spec.ts › Team-based permissions work correctly (shard 3, 1 retry)
  • Flow/AddRoleAndAssignToUser.spec.ts › Verify assigned role to new user (shard 3, 1 retry)
  • Flow/ExploreDiscovery.spec.ts › Should display deleted assets when showDeleted is checked and deleted is not present in queryFilter (shard 3, 1 retry)
  • Flow/PersonaDeletionUserProfile.spec.ts › User profile loads correctly before and after persona deletion (shard 3, 1 retry)
  • Pages/Customproperties-part2.spec.ts › entityReferenceList shows item count, scrollable list, no expand toggle (shard 4, 1 retry)
  • Pages/DomainDataProductsRightPanel.spec.ts › Should edit tags for data product from domain context (shard 4, 1 retry)
  • Pages/Domains.spec.ts › Data Product announcement create, edit & delete (shard 4, 1 retry)
  • Pages/Domains.spec.ts › Rename domain with deeply nested subdomains (3+ levels) verifies FQN propagation (shard 4, 1 retry)
  • Pages/Domains.spec.ts › Subdomain rename does not affect parent domain and updates nested children (shard 4, 1 retry)
  • Pages/Domains.spec.ts › Multiple consecutive domain renames preserve all associations (shard 4, 1 retry)
  • Pages/EntityDataConsumer.spec.ts › Glossary Term Add, Update and Remove for child entities (shard 5, 1 retry)
  • Pages/EntityDataConsumer.spec.ts › Tag Add, Update and Remove (shard 5, 1 retry)
  • Pages/Glossary.spec.ts › Add and Remove Assets (shard 6, 1 retry)
  • Pages/GlossaryImportExport.spec.ts › Export maintains hierarchy structure in CSV (shard 6, 1 retry)
  • Pages/UserDetails.spec.ts › Admin user can get all the roles hierarchy and edit roles (shard 6, 1 retry)
  • Pages/Users.spec.ts › Permissions for table details page for Data Consumer (shard 6, 1 retry)

📦 Download artifacts

How to debug locally 
# Download playwright-test-results-<shard> artifact and unzip
npx playwright show-trace path/to/trace.zip    # view trace

@Vishnuujain Vishnuujain merged commit 403c297 into main Mar 31, 2026
55 of 84 checks passed
@Vishnuujain Vishnuujain deleted the fix/bump-mcp-sdk-1.1.1 branch March 31, 2026 19:03
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 31, 2026

Changes have been cherry-picked to the 1.12.5 branch.

github-actions bot pushed a commit that referenced this pull request Mar 31, 2026
@Vishnuujain
Bump MCP Java SDK from 1.1.0 to 1.1.1 (CVE-2026-34237) (#26886)
8a7f639 
(cherry picked from commit 403c297)
ulixius9 pushed a commit that referenced this pull request Apr 6, 2026
@Vishnuujain @ulixius9
Bump MCP Java SDK from 1.1.0 to 1.1.1 (CVE-2026-34237) (#26886)
294d49d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@harsh-vador harsh-vador harsh-vador approved these changes

Assignees

No one assigned

Labels

safe to test Add this label to run secure Github workflows on PRs To release Will cherry-pick this PR into the release branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Vishnuujain @harsh-vador