This is an automated email from the ASF dual-hosted git repository.

markap14 pushed a commit to branch NIFI-15258
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/NIFI-15258 by this push:
     new 41266ffa2b NIFI-15258: Fixed vulnerable lz4 dependency
41266ffa2b is described below

commit 41266ffa2b93288f51f93a50d52d77d829fef7b0
Author: Mark Payne <[email protected]>
AuthorDate: Mon Dec 8 20:11:11 2025 -0500

    NIFI-15258: Fixed vulnerable lz4 dependency
---
 .../nifi-kafka-to-s3-integration-tests/pom.xml           | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git 
a/nifi-connectors/nifi-kafka-to-s3-bundle/nifi-kafka-to-s3-integration-tests/pom.xml
 
b/nifi-connectors/nifi-kafka-to-s3-bundle/nifi-kafka-to-s3-integration-tests/pom.xml
index c36971572c..345f9b1a38 100644
--- 
a/nifi-connectors/nifi-kafka-to-s3-bundle/nifi-kafka-to-s3-integration-tests/pom.xml
+++ 
b/nifi-connectors/nifi-kafka-to-s3-bundle/nifi-kafka-to-s3-integration-tests/pom.xml
@@ -65,11 +65,23 @@
         </dependency>
 
         <!-- Kafka client for producing test data -->
+        <!-- Override vulnerable kafka clients -->
         <dependency>
             <groupId>org.apache.kafka</groupId>
             <artifactId>kafka-clients</artifactId>
-            <version>3.9.0</version>
-            <scope>test</scope>
+            <version>4.1.1</version>
+            <exclusions>
+                <!-- Excluded and replaced with at.yawk.lz4 version -->
+                <exclusion>
+                    <groupId>org.lz4</groupId>
+                    <artifactId>lz4-java</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>at.yawk.lz4</groupId>
+            <artifactId>lz4-java</artifactId>
+            <version>1.10.1</version>
         </dependency>
 
         <!-- Confluent Schema Registry and Avro dependencies for testing -->
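Review bot: The `<scope>test</scope>` line is dropped from the `kafka-clients` dependency and the new `at.yawk.lz4:lz4-java` dependency declares no scope, so both now default to compile scope although the comment still describes the client as being for test data; if that was not intended, restore `<scope>test</scope>` on both. The exclusion of `org.lz4:lz4-java` only covers the path through `kafka-clients`, so another dependency in this POM (possibly the Confluent/Avro ones that follow, which the hunk does not show) could still bring it in transitively. Running `mvn dependency:tree -Dincludes=org.lz4:lz4-java` or adding a maven-enforcer `bannedDependencies` rule would confirm the old artifact is gone and stays gone. The comment `<!-- Override vulnerable kafka clients -->` should also name the advisory being addressed, e.g. `<!-- kafka-clients 4.1.1 with at.yawk.lz4:lz4-java replaces vulnerable org.lz4:lz4-java (ADVISORY-ID-PLACEHOLDER) -->`, so a later upgrade knows when the override can be removed.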
