Commit 6bdfe09

fix issue-2081: switch to at.yawk.lz4:lz4-java due to CVE-2025-12183
Signed-off-by: peiyu <[email protected]>
1 parent 453d64b commit 6bdfe09

File tree

4 files changed

+8
-8
lines changed
  • fluss-client/src/main/resources/META-INF
  • fluss-common
  • fluss-lake/fluss-lake-iceberg/src/main/resources/META-INF
  • fluss-server/src/main/resources/META-INF

fluss-client/src/main/resources/META-INF/NOTICE

Lines changed: 2 additions & 2 deletions
@@ -10,7 +10,7 @@ This project bundles the following dependencies under the Apache Software Licens
1010
- com.ververica:frocksdbjni:6.20.3-ververica-2.0
1111
- org.apache.commons:commons-lang3:3.18.0
1212
- org.apache.commons:commons-math3:3.6.1
13-
- org.lz4:lz4-java:1.8.0
13+
- at.yawk.lz4:lz4-java:1.10.1
1414

1515
This project bundles the following dependencies under the MIT (https://opensource.org/licenses/MIT)
1616
See bundled license files for details.
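Review bot: the replacement entry `- at.yawk.lz4:lz4-java:1.10.1` at line 13 stays in the Apache Software License list, which is only correct if the fork is published under the same license as `org.lz4:lz4-java`. Please confirm this against the license declared in the new artifact's POM or its bundled LICENSE file, and move the entry to the matching section if it differs.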
@@ -20,4 +20,4 @@ See bundled license files for details.
2020
This project bundles the following dependencies under BSD License (https://opensource.org/licenses/bsd-license.php).
2121
See bundled license files for details.
2222

23-
- com.github.luben:zstd-jni:1.5.7-1
23+
- com.github.luben:zstd-jni:1.5.7-6
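Review bot: the `zstd-jni` change from `1.5.7-1` to `1.5.7-6` at line 23 is not covered by the commit message, which names only the lz4-java switch and CVE-2025-12183. State the reason for this bump in the message or move it to its own commit, so that someone auditing the CVE fix can tell which lines belong to it.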

fluss-common/pom.xml

Lines changed: 3 additions & 3 deletions
@@ -64,15 +64,15 @@
6464

6565
<!-- TODO: these two dependencies need to be shaded. -->
6666
<dependency>
67-
<groupId>org.lz4</groupId>
67+
<groupId>at.yawk.lz4</groupId>
6868
<artifactId>lz4-java</artifactId>
69-
<version>1.8.0</version>
69+
<version>1.10.1</version>
7070
</dependency>
7171

7272
<dependency>
7373
<groupId>com.github.luben</groupId>
7474
<artifactId>zstd-jni</artifactId>
75-
<version>1.5.7-1</version>
75+
<version>1.5.7-6</version>
7676
</dependency>
7777

7878
<!-- RocksDB dependencies -->
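Review bot: changing the `groupId` at line 67 from `org.lz4` to `at.yawk.lz4` gives the dependency new coordinates, so Maven no longer treats a transitively resolved `org.lz4:lz4-java` as the same artifact and will not replace it with this version. If any other dependency still pulls in the old coordinates, the jar this commit is meant to remove can stay on the classpath next to the fork. Check `mvn dependency:tree -Dincludes=org.lz4` across the modules and add exclusions or a maven-enforcer `bannedDependencies` rule for `org.lz4:lz4-java`. The TODO at line 65 about shading these two dependencies is still open and applies to the new coordinates as well.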

fluss-lake/fluss-lake-iceberg/src/main/resources/META-INF/NOTICE

Lines changed: 1 addition & 1 deletion
@@ -51,5 +51,5 @@ See bundled license files for details.
5151
This project bundles the following dependencies under BSD License (https://opensource.org/licenses/bsd-license.php).
5252
See bundled license files for details.
5353

54-
- com.github.luben:zstd-jni:1.5.7-1
54+
- com.github.luben:zstd-jni:1.5.7-6
5555
- org.threeten:threeten-extra:1.7.1
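Review bot: this NOTICE gets only the `zstd-jni` line at 54 updated and no lz4-java entry is touched, unlike the fluss-client and fluss-server NOTICE files in the same commit. If this module bundles lz4-java, for example through fluss-common, check that its NOTICE carries an entry for `at.yawk.lz4:lz4-java:1.10.1` and no leftover `org.lz4:lz4-java:1.8.0` line outside this hunk.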

fluss-server/src/main/resources/META-INF/NOTICE

Lines changed: 2 additions & 2 deletions
@@ -13,7 +13,7 @@ This project bundles the following dependencies under the Apache Software Licens
1313
- commons-cli:commons-cli:1.5.0
1414
- org.apache.commons:commons-lang3:3.18.0
1515
- org.apache.commons:commons-math3:3.6.1
16-
- org.lz4:lz4-java:1.8.0
16+
- at.yawk.lz4:lz4-java:1.10.1
1717
- org.xerial.snappy:snappy-java:1.1.10.4
1818

1919
This project bundles the following dependencies under the MIT (https://opensource.org/licenses/MIT)
@@ -25,6 +25,6 @@ See bundled license files for details.
2525
This project bundles the following dependencies under BSD License (https://opensource.org/licenses/bsd-license.php).
2626
See bundled license files for details.
2727

28-
- com.github.luben:zstd-jni:1.5.7-1
28+
- com.github.luben:zstd-jni:1.5.7-6
2929

3030
