diff --git a/backfill-cli/build.gradle b/backfill-cli/build.gradle
index 313f4864..13ec58bf 100644
--- a/backfill-cli/build.gradle
+++ b/backfill-cli/build.gradle
@@ -84,6 +84,14 @@ dependencies {
     implementation "${pulsarGroup}:pulsar-client:${pulsarVersion}"
     implementation "${pulsarGroup}:pulsar-client-tools-api:${pulsarVersion}"
 
+    configurations.all {
+        resolutionStrategy.dependencySubstitution {
+            // Override the version of lz4-java to fix vulnerability
+            // Also this project is migrated to at.yawk.lz4
+            substitute module('org.lz4:lz4-java') using module("at.yawk.lz4:lz4-java:${lz4javaVersion}")
+        }
+    }
+
     runtimeOnly 'org.conscrypt:conscrypt-openjdk-uber:2.5.2'
 
     testImplementation "org.junit.jupiter:junit-jupiter-api:5.8.1"
diff --git a/connector/build.gradle b/connector/build.gradle
index dc109415..1eaff668 100644
--- a/connector/build.gradle
+++ b/connector/build.gradle
@@ -48,9 +48,9 @@ dependencies {
     compileOnly("${pulsarGroup}:pulsar-io-core:${pulsarVersion}")
     implementation(platform("com.fasterxml.jackson:jackson-bom:${jacksonBomVersion}"))
     // Override transitive bouncycastle dependencies coming from pulsar
-    implementation(platform("org.bouncycastle:bcpkix-jdk18on:${bouncycastleVersion}"))
-    implementation(platform("org.bouncycastle:bcprov-jdk18on:${bouncycastleVersion}"))
-    implementation(platform("org.bouncycastle:bcprov-ext-jdk18on:1.78.1"))
+    implementation("org.bouncycastle:bcpkix-jdk18on:${bouncycastleVersion}")
+    implementation("org.bouncycastle:bcprov-jdk18on:${bouncycastleVersion}")
+    implementation("org.bouncycastle:bcprov-ext-jdk18on:1.78.1")
 
     configurations.all {
         resolutionStrategy {
diff --git a/gradle.properties b/gradle.properties
index 0b4447d7..6794abf8 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -8,7 +8,7 @@ releasesRepoUrl=https://repo.datastax.com/artifactory/datastax-public-releases-l
 
 # deps version
 avroVersion=1.11.4
-jacksonCoreVersion=2.21.1
+jacksonCoreVersion=2.21.2
 lombokVersion=1.18.20
 ossDriverVersion=4.19.2
 cassandra3Version=3.11.19
@@ -17,13 +17,13 @@ dse4Version=6.8.61
 
 pulsarGroup=org.apache.pulsar
 pulsarVersion=3.0.3
-bouncycastleVersion=1.79
+bouncycastleVersion=1.84
 protobufJavaVersion=3.25.8
 # Used when running tests locally, CI will override those values
 testPulsarImage=datastax/lunastreaming
 testPulsarImageTag=2.10_3.4
 
-kafkaVersion=3.9.1
+kafkaVersion=3.9.2
 lz4javaVersion=1.10.1
 vavrVersion=0.10.3
 testContainersVersion=1.19.1