This is an automated email from the ASF dual-hosted git repository.
lzljs3620320 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/paimon.git
The following commit(s) were added to refs/heads/master by this push:
new 8c765c5541 [core] upgrade lz4-java to 1.10.4 due to CVE (#7384)
8c765c5541 is described below
commit 8c765c55416a70f427ccc600f42caeba99724855
Author: Pei Yu <[email protected]>
AuthorDate: Tue Mar 10 08:21:07 2026 +0800
[core] upgrade lz4-java to 1.10.4 due to CVE (#7384)
Linked issue: close https://github.com/apache/paimon/issues/7367
---
paimon-bundle/pom.xml | 2 +-
paimon-common/pom.xml | 2 +-
pom.xml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/paimon-bundle/pom.xml b/paimon-bundle/pom.xml
index 5e2686001c..6154902db6 100644
--- a/paimon-bundle/pom.xml
+++ b/paimon-bundle/pom.xml
@@ -76,7 +76,7 @@ under the License.
</dependency>
<dependency>
- <groupId>org.lz4</groupId>
+ <groupId>at.yawk.lz4</groupId>
<artifactId>lz4-java</artifactId>
<version>${lz4.version}</version>
</dependency>
diff --git a/paimon-common/pom.xml b/paimon-common/pom.xml
index 198c2fe769..2371265cf4 100644
--- a/paimon-common/pom.xml
+++ b/paimon-common/pom.xml
@@ -65,7 +65,7 @@ under the License.
<!-- From paimon-bundle -->
<dependency>
- <groupId>org.lz4</groupId>
+ <groupId>at.yawk.lz4</groupId>
<artifactId>lz4-java</artifactId>
<version>${lz4.version}</version>
</dependency>
diff --git a/pom.xml b/pom.xml
index cccce5960d..0db5ac8d45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -94,7 +94,7 @@ under the License.
<codegen.scala.version>${scala212.version}</codegen.scala.version>
<snappy.version>1.1.10.8</snappy.version>
<airlift.version>2.0.3</airlift.version>
- <lz4.version>1.8.1</lz4.version>
+ <lz4.version>1.10.4</lz4.version>
<slf4j.version>1.7.32</slf4j.version>
<log4j.version>2.25.3</log4j.version>
<junit4.version>4.13.2</junit4.version>
