[fix][sec] Added Exclusions for tomcat-embed-core and derby and override mina-core to remediate CVEs (#24949)

Author: guptas6est

pom.xml

@@ -372,6 +372,7 @@ flexible messaging model and an intuitive client API.</description>
     <nimbus-jose-jwt.version>9.37.4</nimbus-jose-jwt.version>
     <commons-beanutils.version>1.11.0</commons-beanutils.version>
     <commons-configuration2.version>2.12.0</commons-configuration2.version>
+    <mina-core.version>2.1.10</mina-core.version>
   </properties>
 
   <dependencyManagement>

pulsar-io/flume/pom.xml

@@ -31,6 +31,16 @@
     <artifactId>pulsar-io-flume</artifactId>
     <name>Pulsar IO :: Flume</name>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.apache.mina</groupId>
+                <artifactId>mina-core</artifactId>
+                <version>${mina-core.version}</version>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
         <dependency>
             <groupId>${project.groupId}</groupId>
@@ -61,6 +71,14 @@
                     <artifactId>avro</artifactId>
                     <groupId>org.apache.avro</groupId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.tomcat.embed</groupId>
+                    <artifactId>tomcat-embed-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.derby</groupId>
+                    <artifactId>derby</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>