This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new f4eaa1f4ac00 CAMEL-22788: Use new lz4 that is maintained and does not
have CVE (#20477)
f4eaa1f4ac00 is described below
commit f4eaa1f4ac008bde413c779e84c177d9ae8dac21
Author: Claus Ibsen <[email protected]>
AuthorDate: Wed Dec 17 10:46:36 2025 +0100
CAMEL-22788: Use new lz4 that is maintained and does not have CVE (#20477)
* CAMEL-22788: camel-kafka - Use new lz4 that is maintained and does not
have CVE
* CAMEL-22788: camel-flink - Use new lz4 that is maintained and does not
have CVE
* CAMEL-22788: camel-aws2-kinesis - Use new lz4 that is maintained and does
not have CVE
* CAMEL-22788: camel-rocketmq - Use new lz4 that is maintained and does not
have CVE
* CAMEL-22788: camel-debezium - Use new lz4 that is maintained and does not
have CVE
---
components/camel-aws/camel-aws2-kinesis/pom.xml | 11 +++++++++++
.../camel-debezium-common-component/pom.xml | 11 +++++++++++
components/camel-debezium/camel-debezium-common/pom.xml | 9 +++++++++
components/camel-debezium/camel-debezium-db2/pom.xml | 6 ++++++
components/camel-debezium/camel-debezium-mongodb/pom.xml | 6 ++++++
components/camel-debezium/camel-debezium-mysql/pom.xml | 4 ++++
components/camel-debezium/camel-debezium-oracle/pom.xml | 6 ++++++
components/camel-debezium/camel-debezium-postgres/pom.xml | 6 ++++++
components/camel-debezium/camel-debezium-sqlserver/pom.xml | 6 ++++++
components/camel-flink/pom.xml | 9 +++++++++
components/camel-kafka/pom.xml | 11 +++++++++++
components/camel-rocketmq/pom.xml | 11 +++++++++++
parent/pom.xml | 1 +
13 files changed, 97 insertions(+)
diff --git a/components/camel-aws/camel-aws2-kinesis/pom.xml
b/components/camel-aws/camel-aws2-kinesis/pom.xml
index 4a7ca805451b..cb6fd07a1bb9 100644
--- a/components/camel-aws/camel-aws2-kinesis/pom.xml
+++ b/components/camel-aws/camel-aws2-kinesis/pom.xml
@@ -55,6 +55,17 @@
<groupId>software.amazon.kinesis</groupId>
<artifactId>amazon-kinesis-client</artifactId>
<version>${amazon-kinesis-client-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
diff --git
a/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml
b/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml
index fe28e504cc15..e3a849890162 100644
---
a/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml
+++
b/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml
@@ -42,6 +42,17 @@
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>${kafka-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-common/pom.xml
b/components/camel-debezium/camel-debezium-common/pom.xml
index a0c16c63e324..148dbbf91ff2 100644
--- a/components/camel-debezium/camel-debezium-common/pom.xml
+++ b/components/camel-debezium/camel-debezium-common/pom.xml
@@ -64,6 +64,10 @@
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -71,6 +75,11 @@
<artifactId>debezium-storage-file</artifactId>
<version>${debezium-version}</version>
</dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
+ </dependency>
</dependencies>
</project>
diff --git a/components/camel-debezium/camel-debezium-db2/pom.xml
b/components/camel-debezium/camel-debezium-db2/pom.xml
index 798103c9822d..ec1c5926685b 100644
--- a/components/camel-debezium/camel-debezium-db2/pom.xml
+++ b/components/camel-debezium/camel-debezium-db2/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-db2</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-mongodb/pom.xml
b/components/camel-debezium/camel-debezium-mongodb/pom.xml
index f3b0e3d74f14..1f9f7e11aecb 100644
--- a/components/camel-debezium/camel-debezium-mongodb/pom.xml
+++ b/components/camel-debezium/camel-debezium-mongodb/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-mongodb</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-mysql/pom.xml
b/components/camel-debezium/camel-debezium-mysql/pom.xml
index 6e2cda092d20..bf8568081c17 100644
--- a/components/camel-debezium/camel-debezium-mysql/pom.xml
+++ b/components/camel-debezium/camel-debezium-mysql/pom.xml
@@ -48,6 +48,10 @@
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
</exclusions>
</dependency>
diff --git a/components/camel-debezium/camel-debezium-oracle/pom.xml
b/components/camel-debezium/camel-debezium-oracle/pom.xml
index ade4c729bcc2..08742605472f 100644
--- a/components/camel-debezium/camel-debezium-oracle/pom.xml
+++ b/components/camel-debezium/camel-debezium-oracle/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-oracle</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-postgres/pom.xml
b/components/camel-debezium/camel-debezium-postgres/pom.xml
index 0c0dcea31361..a7a40b13a981 100644
--- a/components/camel-debezium/camel-debezium-postgres/pom.xml
+++ b/components/camel-debezium/camel-debezium-postgres/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-postgres</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-sqlserver/pom.xml
b/components/camel-debezium/camel-debezium-sqlserver/pom.xml
index 2aa43a6cc84d..0feb0df2071b 100644
--- a/components/camel-debezium/camel-debezium-sqlserver/pom.xml
+++ b/components/camel-debezium/camel-debezium-sqlserver/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-sqlserver</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-flink/pom.xml b/components/camel-flink/pom.xml
index d18b58329342..1a060b6746da 100644
--- a/components/camel-flink/pom.xml
+++ b/components/camel-flink/pom.xml
@@ -72,6 +72,10 @@
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -89,6 +93,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
+ </dependency>
<!--testing-->
<dependency>
diff --git a/components/camel-kafka/pom.xml b/components/camel-kafka/pom.xml
index d418fc561aa6..549ff14d2a03 100644
--- a/components/camel-kafka/pom.xml
+++ b/components/camel-kafka/pom.xml
@@ -48,6 +48,17 @@
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>${kafka-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
</dependency>
<dependency>
diff --git a/components/camel-rocketmq/pom.xml
b/components/camel-rocketmq/pom.xml
index dc5dbe003443..0fd83c35a5cf 100644
--- a/components/camel-rocketmq/pom.xml
+++ b/components/camel-rocketmq/pom.xml
@@ -57,6 +57,17 @@
<groupId>org.apache.rocketmq</groupId>
<artifactId>rocketmq-acl</artifactId>
<version>${rocketmq-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
</dependency>
<dependency>
diff --git a/parent/pom.xml b/parent/pom.xml
index 2d47528f0c86..92a7a2826852 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -364,6 +364,7 @@
<lucene-version>9.12.0</lucene-version>
<lightcouch-version>0.2.0</lightcouch-version>
<littleproxy-version>2.4.7</littleproxy-version>
+ <lz4-java-version>1.10.2</lz4-java-version>
<mapstruct-version>1.6.3</mapstruct-version>
<!-- needed from tooling/archetypes -->
<maven-version>3.9.12</maven-version>
