massakam opened a new pull request, #4696: URL: https://github.com/apache/bookkeeper/pull/4696
### Motivation `net.jpountz.lz4:lz4` has been reported to contain multiple vulnerabilities, but it is no longer maintained and users are advised to migrate to the community version, `at.yawk.lz4:lz4-java`. https://www.sonatype.com/security-advisories/cve-2025-12183 ### Changes Pulsar has already done this replacement, so I made a similar change. https://github.com/apache/pulsar/pull/25032 Migrating to `at.yawk.lz4:lz4-java` will fix the vulnerabilities, but the security advisory also recommends replacing `.fastDecompressor()` with `.safeDecompressor()` for better performance. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
