From 6918a37b76a14e24bb2611850429bbc483cf94a9 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Mon, 22 Dec 2025 23:28:11 +0000
Subject: [PATCH] strimzi-kafka-operator/0.49.1-r1: fix GHSA-vc5p-v9hr-52mj
 <!--ci-cve-scan:must-fix: GHSA-vc5p-v9hr-52mj-->

---
 strimzi-kafka-operator.yaml              | 2 +-
 strimzi-kafka-operator/pombump-deps.yaml | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/strimzi-kafka-operator.yaml b/strimzi-kafka-operator.yaml
index 726a4681ae3..e7118fe0d28 100644
--- a/strimzi-kafka-operator.yaml
+++ b/strimzi-kafka-operator.yaml
@@ -1,7 +1,7 @@
 package:
   name: strimzi-kafka-operator
   version: "0.49.1"
-  epoch: 1 # GHSA-3677-xxcr-wjqv
+  epoch: 2 # GHSA-vc5p-v9hr-52mj
   description: Apache Kafka® running on Kubernetes
   copyright:
     - license: Apache-2.0
diff --git a/strimzi-kafka-operator/pombump-deps.yaml b/strimzi-kafka-operator/pombump-deps.yaml
index 027bbaa502f..2df52334d4f 100644
--- a/strimzi-kafka-operator/pombump-deps.yaml
+++ b/strimzi-kafka-operator/pombump-deps.yaml
@@ -5,3 +5,6 @@ patches:
   - groupId: org.apache.commons
     artifactId: commons-lang3
     version: 3.18.0
+  - groupId: org.apache.logging.log4j
+    artifactId: log4j-core
+    version: 2.25.3