It looks like texlive includes prebuilt binary Java code that is not rebuilt from source.
Affected NVR: texlive-20230311-19.el10
Upstream tarball tex4ht.tar.xz includes tex4ht.jar which is installed in binary package texlive-tex4ht as /usr/share/texlive/texmf-dist/tex4ht/bin/tex4ht.jar as-is, without rebuilding from sources.