This is an automated email from the ASF dual-hosted git repository. haonan pushed a commit to branch cp_cve_fix in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 7e5cc6e06eeb9f42ae5313b36a9891c142ddcf33 Author: Haonan <[email protected]> AuthorDate: Fri Dec 5 18:42:33 2025 +0800 Switch to at.yawk.lz4:lz4-java:1.10.0 (#16871) --- LICENSE-binary | 4 ++-- iotdb-client/session/pom.xml | 14 ++++++++++++++ iotdb-core/datanode/pom.xml | 4 ++++ pom.xml | 16 ++++++++++++++-- 4 files changed, 34 insertions(+), 4 deletions(-) diff --git a/LICENSE-binary b/LICENSE-binary index c088b00d7f3..e43195403ea 100644 --- a/LICENSE-binary +++ b/LICENSE-binary @@ -213,7 +213,7 @@ conditions of the following licenses. The binary distribution of this product bundles these dependencies under the following license. See licenses/ for text of these licenses. -Apache Software Foundation License 2.0 +Apache License 2.0 -------------------------------------- commons-cli:commons-cli:1.5.0 commons-codec:commons-codec:1.16.1 @@ -227,7 +227,7 @@ com.fasterxml.jackson.core:jackson-annotations:2.15.4 com.fasterxml.jackson.core:jackson-core:2.15.4 com.fasterxml.jackson.core:jackson-databind:2.15.4 jakarta.inject:jakarta.inject:2.6.1 -org.lz4:lz4-java:1.8.0 +at.yawk.lz4:lz4-java:1.10.0 com.github.stephenc.jcip:jcip-annotations:1.0-1 com.github.ben-manes.caffeine:caffeine:2.9.3 org.eclipse.jetty:jetty-http:9.4.56.v20240826 diff --git a/iotdb-client/session/pom.xml b/iotdb-client/session/pom.xml index e45c1a8fe29..ed968e514f1 100644 --- a/iotdb-client/session/pom.xml +++ b/iotdb-client/session/pom.xml @@ -59,6 +59,11 @@ <artifactId>tsfile</artifactId> <version>${tsfile.version}</version> </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + <scope>runtime</scope> + </dependency> <dependency> <groupId>org.apache.iotdb</groupId> <artifactId>iotdb-thrift</artifactId> @@ -121,6 +126,15 @@ </execution> </executions> </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-dependency-plugin</artifactId> + <configuration> + <usedDependencies> + <usedDependency>at.yawk.lz4:lz4-java</usedDependency> + </usedDependencies> + </configuration> + </plugin> </plugins> </build> <profiles> diff --git a/iotdb-core/datanode/pom.xml b/iotdb-core/datanode/pom.xml index b97a532249a..fc5f7a89430 100644 --- a/iotdb-core/datanode/pom.xml +++ b/iotdb-core/datanode/pom.xml @@ -303,6 +303,10 @@ <groupId>org.java-websocket</groupId> <artifactId>Java-WebSocket</artifactId> </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> diff --git a/pom.xml b/pom.xml index c0aa991df53..20815cfdb9f 100644 --- a/pom.xml +++ b/pom.xml @@ -118,7 +118,7 @@ <junit.version>4.13.2</junit.version> <!-- This was the last version to support Java 8 --> <logback.version>1.3.16</logback.version> - <lz4-java.version>1.8.0</lz4-java.version> + <lz4-java.version>1.10.0</lz4-java.version> <maven.assembly.version>3.6.0</maven.assembly.version> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> @@ -318,6 +318,18 @@ <artifactId>commons-io</artifactId> <version>${commons-io.version}</version> </dependency> + <dependency> + <groupId>org.apache.tsfile</groupId> + <artifactId>tsfile</artifactId> + <version>${tsfile.version}</version> + <!-- Once tsfile switch to at.yawk.lz4:lz4-java, remove the following part --> + <exclusions> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> + </dependency> <dependency> <groupId>org.apache.ratis</groupId> <artifactId>ratis-server</artifactId> @@ -509,7 +521,7 @@ <version>${zstd-jni.version}</version> </dependency> <dependency> - <groupId>org.lz4</groupId> + <groupId>at.yawk.lz4</groupId> <artifactId>lz4-java</artifactId> <version>${lz4-java.version}</version> </dependency>
