From a9f36bf97abe435c6fddf7f3ca81e860738be560 Mon Sep 17 00:00:00 2001
From: Peter Nied <petern@amazon.com>
Date: Mon, 15 Apr 2024 20:54:29 +0000
Subject: [PATCH 1/2] Bump `joda-time` from 2.12.2 to 2.12.7

Addresses CVE-2024-23080

Signed-off-by: Peter Nied <petern@amazon.com>
---
 CHANGELOG.md                | 1 +
 buildSrc/version.properties | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index acd9c32d15fa5..4f232f70d3869 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Bump Apache Tika from 2.6.0 to 2.9.2 ([#12627](https://github.com/opensearch-project/OpenSearch/pull/12627))
 - Bump `com.gradle.enterprise` from 3.16.2 to 3.17.1 ([#13116](https://github.com/opensearch-project/OpenSearch/pull/13116), [#13191](https://github.com/opensearch-project/OpenSearch/pull/13191))
 - Bump `gradle/wrapper-validation-action` from 2 to 3 ([#13192](https://github.com/opensearch-project/OpenSearch/pull/13192))
+- Bump `joda-time` from 2.12.2 to 2.12.7 ([#](https://github.com/opensearch-project/OpenSearch/pull/))
 
 ### Changed
 - [BWC and API enforcement] Enforcing the presence of API annotations at build time ([#12872](https://github.com/opensearch-project/OpenSearch/pull/12872))
diff --git a/buildSrc/version.properties b/buildSrc/version.properties
index 873cf7a721ac3..6e0d538460987 100644
--- a/buildSrc/version.properties
+++ b/buildSrc/version.properties
@@ -27,7 +27,7 @@ jakarta_annotation = 1.3.5
 jna               = 5.13.0
 
 netty             = 4.1.108.Final
-joda              = 2.12.2
+joda              = 2.12.7
 
 # project reactor
 reactor_netty     = 1.1.17

From 9ab41b0d18f859ac51cdfd8de315a8c01e385d9c Mon Sep 17 00:00:00 2001
From: Peter Nied <petern@amazon.com>
Date: Mon, 15 Apr 2024 20:57:38 +0000
Subject: [PATCH 2/2] Include PR number

Signed-off-by: Peter Nied <petern@amazon.com>
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4f232f70d3869..403ad1ad6dae3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,7 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Bump Apache Tika from 2.6.0 to 2.9.2 ([#12627](https://github.com/opensearch-project/OpenSearch/pull/12627))
 - Bump `com.gradle.enterprise` from 3.16.2 to 3.17.1 ([#13116](https://github.com/opensearch-project/OpenSearch/pull/13116), [#13191](https://github.com/opensearch-project/OpenSearch/pull/13191))
 - Bump `gradle/wrapper-validation-action` from 2 to 3 ([#13192](https://github.com/opensearch-project/OpenSearch/pull/13192))
-- Bump `joda-time` from 2.12.2 to 2.12.7 ([#](https://github.com/opensearch-project/OpenSearch/pull/))
+- Bump `joda-time` from 2.12.2 to 2.12.7 ([#13203](https://github.com/opensearch-project/OpenSearch/pull/13203))
 
 ### Changed
 - [BWC and API enforcement] Enforcing the presence of API annotations at build time ([#12872](https://github.com/opensearch-project/OpenSearch/pull/12872))