This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch camel-4.10.x in repository https://gitbox.apache.org/repos/asf/camel.git
commit ae77ab7f5fd33f1e335332d1b0ee2f5cb929b863 Author: Claus Ibsen <[email protected]> AuthorDate: Wed Dec 17 10:46:36 2025 +0100 CAMEL-22788: Use new lz4 that is maintained and does not have CVE (#20477) * CAMEL-22788: camel-kafka - Use new lz4 that is maintained and does not have CVE * CAMEL-22788: camel-flink - Use new lz4 that is maintained and does not have CVE * CAMEL-22788: camel-aws2-kinesis - Use new lz4 that is maintained and does not have CVE * CAMEL-22788: camel-rocketmq - Use new lz4 that is maintained and does not have CVE * CAMEL-22788: camel-debezium - Use new lz4 that is maintained and does not have CVE --- components/camel-aws/camel-aws2-kinesis/pom.xml | 11 +++++++++++ .../camel-debezium-common-component/pom.xml | 11 +++++++++++ components/camel-debezium/camel-debezium-common/pom.xml | 9 +++++++++ components/camel-debezium/camel-debezium-db2/pom.xml | 6 ++++++ components/camel-debezium/camel-debezium-mongodb/pom.xml | 6 ++++++ components/camel-debezium/camel-debezium-mysql/pom.xml | 4 ++++ components/camel-debezium/camel-debezium-oracle/pom.xml | 6 ++++++ components/camel-debezium/camel-debezium-postgres/pom.xml | 6 ++++++ components/camel-debezium/camel-debezium-sqlserver/pom.xml | 6 ++++++ components/camel-flink/pom.xml | 9 +++++++++ components/camel-kafka/pom.xml | 11 +++++++++++ components/camel-rocketmq/pom.xml | 11 +++++++++++ parent/pom.xml | 1 + 13 files changed, 97 insertions(+) diff --git a/components/camel-aws/camel-aws2-kinesis/pom.xml b/components/camel-aws/camel-aws2-kinesis/pom.xml index 7106eb3e7521..f8a3da9ec703 100644 --- a/components/camel-aws/camel-aws2-kinesis/pom.xml +++ b/components/camel-aws/camel-aws2-kinesis/pom.xml @@ -51,6 +51,17 @@ <groupId>software.amazon.kinesis</groupId> <artifactId>amazon-kinesis-client</artifactId> <version>${amazon-kinesis-client-version}</version> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + <version>${lz4-java-version}</version> </dependency> <dependency> <groupId>software.amazon.awssdk</groupId> diff --git a/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml b/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml index 688b195b5dbe..cbddf38be3ea 100644 --- a/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml +++ b/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml @@ -42,6 +42,17 @@ <groupId>org.apache.kafka</groupId> <artifactId>kafka-clients</artifactId> <version>${kafka-version}</version> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + <version>${lz4-java-version}</version> </dependency> <!-- test --> diff --git a/components/camel-debezium/camel-debezium-common/pom.xml b/components/camel-debezium/camel-debezium-common/pom.xml index 2cc29eb034eb..ce0e545d7066 100644 --- a/components/camel-debezium/camel-debezium-common/pom.xml +++ b/components/camel-debezium/camel-debezium-common/pom.xml @@ -64,6 +64,10 @@ <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -71,6 +75,11 @@ <artifactId>debezium-storage-file</artifactId> <version>${debezium-version}</version> </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + <version>${lz4-java-version}</version> + </dependency> </dependencies> </project> diff --git a/components/camel-debezium/camel-debezium-db2/pom.xml b/components/camel-debezium/camel-debezium-db2/pom.xml index 14fa0e81817e..f74aca7f31c7 100644 --- a/components/camel-debezium/camel-debezium-db2/pom.xml +++ b/components/camel-debezium/camel-debezium-db2/pom.xml @@ -43,6 +43,12 @@ <groupId>io.debezium</groupId> <artifactId>debezium-connector-db2</artifactId> <version>${debezium-version}</version> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> </dependency> <!-- test --> diff --git a/components/camel-debezium/camel-debezium-mongodb/pom.xml b/components/camel-debezium/camel-debezium-mongodb/pom.xml index 395a01ff9c44..e506b6ee4bf5 100644 --- a/components/camel-debezium/camel-debezium-mongodb/pom.xml +++ b/components/camel-debezium/camel-debezium-mongodb/pom.xml @@ -43,6 +43,12 @@ <groupId>io.debezium</groupId> <artifactId>debezium-connector-mongodb</artifactId> <version>${debezium-version}</version> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> </dependency> <!-- test --> diff --git a/components/camel-debezium/camel-debezium-mysql/pom.xml b/components/camel-debezium/camel-debezium-mysql/pom.xml index 576942138e5d..4cce82bd7ccb 100644 --- a/components/camel-debezium/camel-debezium-mysql/pom.xml +++ b/components/camel-debezium/camel-debezium-mysql/pom.xml @@ -48,6 +48,10 @@ <groupId>com.mysql</groupId> <artifactId>mysql-connector-j</artifactId> </exclusion> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> </exclusions> </dependency> diff --git a/components/camel-debezium/camel-debezium-oracle/pom.xml b/components/camel-debezium/camel-debezium-oracle/pom.xml index 857deb5e36c2..13a47e422107 100644 --- a/components/camel-debezium/camel-debezium-oracle/pom.xml +++ b/components/camel-debezium/camel-debezium-oracle/pom.xml @@ -43,6 +43,12 @@ <groupId>io.debezium</groupId> <artifactId>debezium-connector-oracle</artifactId> <version>${debezium-version}</version> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> </dependency> <!-- test --> diff --git a/components/camel-debezium/camel-debezium-postgres/pom.xml b/components/camel-debezium/camel-debezium-postgres/pom.xml index c1bec5119a5c..8bc5309de734 100644 --- a/components/camel-debezium/camel-debezium-postgres/pom.xml +++ b/components/camel-debezium/camel-debezium-postgres/pom.xml @@ -43,6 +43,12 @@ <groupId>io.debezium</groupId> <artifactId>debezium-connector-postgres</artifactId> <version>${debezium-version}</version> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> </dependency> <!-- test --> diff --git a/components/camel-debezium/camel-debezium-sqlserver/pom.xml b/components/camel-debezium/camel-debezium-sqlserver/pom.xml index ec00943d25f3..7ffc80526988 100644 --- a/components/camel-debezium/camel-debezium-sqlserver/pom.xml +++ b/components/camel-debezium/camel-debezium-sqlserver/pom.xml @@ -43,6 +43,12 @@ <groupId>io.debezium</groupId> <artifactId>debezium-connector-sqlserver</artifactId> <version>${debezium-version}</version> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> </dependency> <!-- test --> diff --git a/components/camel-flink/pom.xml b/components/camel-flink/pom.xml index f97ef9f9f8cc..155146259bc0 100644 --- a/components/camel-flink/pom.xml +++ b/components/camel-flink/pom.xml @@ -72,6 +72,10 @@ <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -89,6 +93,11 @@ </exclusion> </exclusions> </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + <version>${lz4-java-version}</version> + </dependency> <!--testing--> <dependency> diff --git a/components/camel-kafka/pom.xml b/components/camel-kafka/pom.xml index 1c7bfe8578f4..b69f4f0e523b 100644 --- a/components/camel-kafka/pom.xml +++ b/components/camel-kafka/pom.xml @@ -48,6 +48,17 @@ <groupId>org.apache.kafka</groupId> <artifactId>kafka-clients</artifactId> <version>${kafka-version}</version> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + <version>${lz4-java-version}</version> </dependency> <dependency> diff --git a/components/camel-rocketmq/pom.xml b/components/camel-rocketmq/pom.xml index 100b348da3c2..b8adebd7ee94 100644 --- a/components/camel-rocketmq/pom.xml +++ b/components/camel-rocketmq/pom.xml @@ -58,6 +58,17 @@ <groupId>org.apache.rocketmq</groupId> <artifactId>rocketmq-acl</artifactId> <version>${rocketmq-version}</version> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + <version>${lz4-java-version}</version> </dependency> <dependency> diff --git a/parent/pom.xml b/parent/pom.xml index c6f1b240dd0d..5c04cc4d589d 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -333,6 +333,7 @@ <lucene-version>9.12.0</lucene-version> <lightcouch-version>0.2.0</lightcouch-version> <littleproxy-version>2.4.0</littleproxy-version> + <lz4-java-version>1.10.2</lz4-java-version> <mapstruct-version>1.6.3</mapstruct-version> <!-- needed from tooling/archetypes --> <maven-version>3.9.9</maven-version>
