Description:
The project currently uses an outdated version of the org.iq80.snappy:snappy library. Continuing to use version 0.4 may expose the system to security vulnerabilities and compatibility issues with modern JDKs.
Current Configuration (Gradle):

```groovy
dependencies {
    implementation 'org.iq80.snappy:snappy:0.4'
}
```
Issues with 0.4:

- Lacks security and stability patches present in newer releases
- May cause issues with buffer handling or decompression under high load
- Potentially incompatible with Java 17+ in stricter environments
- No longer maintained or receiving fixes in this version
Recommendation:

Upgrade to the latest available version (as of now, 0.5):

```groovy
dependencies {
    implementation 'org.iq80.snappy:snappy:0.5'
}
```
Additional Steps:

- Run a security scan using tools like `gradle dependencyCheckAnalyze`, OWASP Dependency-Check, or Snyk to confirm no active CVEs exist in the current version
- Test after upgrade to ensure backward compatibility
- Lock versions in `dependencies.lock` or use version catalogs to avoid accidental downgrades
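The upgrade, version-catalog and locking steps above as one Gradle build file. This is an added example, not this project's build file; the catalog alias `iq80-snappy` and the plugin set are assumptions, and Gradle writes its lock file as `gradle.lockfile`, not `dependencies.lock`.

```groovy
// build.gradle (Groovy DSL). Added example, not the project's own build file.
// Assumes gradle/libs.versions.toml contains (alias name is hypothetical):
//   [versions]
//   iq80-snappy = "0.5"
//   [libraries]
//   iq80-snappy = { module = "org.iq80.snappy:snappy", version.ref = "iq80-snappy" }

plugins {
    id 'java'
}

repositories {
    mavenCentral()
}

// Record every resolved version in gradle.lockfile so a later build cannot
// silently resolve a different (for example older) snappy artifact.
dependencyLocking {
    lockAllConfigurations()
}

dependencies {
    // Catalog accessor: the dash in the alias becomes a dot.
    implementation libs.iq80.snappy

    constraints {
        // Pins any transitive request for the library (e.g. a dependency that
        // still declares 0.4) to exactly 0.5; resolution fails on a conflict
        // instead of quietly picking another version.
        implementation('org.iq80.snappy:snappy') {
            version { strictly '0.5' }
            because 'snappy 0.4 is no longer maintained; see this issue'
        }
    }
}
```

Generate the lock file once with `./gradlew dependencies --write-locks` and commit `gradle.lockfile`; subsequent builds then fail if resolution drifts from the recorded versions.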
References:

- Snappy Library on Maven Central
- GitHub Project (for the Java port commonly mistaken for iq80’s version)