Apache Iceberg version

main (development)

Query engine

Kafka Connect

Please describe the bug 🐞

When building the Kafka Connect with Hive from main (just in advance of 1.10), a CVE scan finds that we're vulnerable to CVE-2025-48734 due to pulling in a dependency of Hive (commons-beanutils). This is resolved with commons-beanutils 1.11.0 and higher - but in investigating the issue, I found that someon Hive depedencies were being built for the non-Hive connector.

Willingness to contribute

• I can contribute a fix for this bug independently
• I would be willing to contribute a fix for this bug with guidance from the Iceberg community
• I cannot contribute a fix for this bug at this time