This is an automated email from the ASF dual-hosted git repository. markap14 pushed a commit to branch NIFI-15258 in repository https://gitbox.apache.org/repos/asf/nifi.git
commit e04d6729dccd627a2459dbd0f6f864e885d52297 Author: Mark Payne <[email protected]> AuthorDate: Mon Dec 8 20:11:11 2025 -0500 NIFI-15258: Fixed vulnerable lz4 dependency --- .../nifi-kafka-to-s3-integration-tests/pom.xml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/nifi-connectors/nifi-kafka-to-s3-bundle/nifi-kafka-to-s3-integration-tests/pom.xml b/nifi-connectors/nifi-kafka-to-s3-bundle/nifi-kafka-to-s3-integration-tests/pom.xml index c36971572c..345f9b1a38 100644 --- a/nifi-connectors/nifi-kafka-to-s3-bundle/nifi-kafka-to-s3-integration-tests/pom.xml +++ b/nifi-connectors/nifi-kafka-to-s3-bundle/nifi-kafka-to-s3-integration-tests/pom.xml @@ -65,11 +65,23 @@ </dependency> <!-- Kafka client for producing test data --> + <!-- Override vulnerable kafka clients --> <dependency> <groupId>org.apache.kafka</groupId> <artifactId>kafka-clients</artifactId> - <version>3.9.0</version> - <scope>test</scope> + <version>4.1.1</version> + <exclusions> + <!-- Excluded and replaced with at.yawk.lz4 version --> + <exclusion> + <groupId>org.lz4</groupId> + <artifactId>lz4-java</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + <version>1.10.1</version> </dependency> <!-- Confluent Schema Registry and Avro dependencies for testing -->
