(pulsar) branch master updated: [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)

Tue, 24 Feb 2026 16:37:37 -0800 

This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new ee477cc1dfe [fix][sec] Upgrade aircompressor to 2.0.3 to resolve 
CVE-2025-67721 (#25256)
ee477cc1dfe is described below

commit ee477cc1dfe645ef473b87d166ccc2fcf9a4e04a
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Feb 25 02:36:13 2026 +0200

    [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
 distribution/shell/src/assemble/LICENSE.bin.txt  | 2 +-
 pom.xml                                          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index d733739309a..4a0eb2f52f9 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -387,7 +387,7 @@ The Apache Software License, Version 2.0
     - org.apache.httpcomponents-httpclient-4.5.13.jar
     - org.apache.httpcomponents-httpcore-4.4.15.jar
  * AirCompressor
-    - io.airlift-aircompressor-0.27.jar
+    - io.airlift-aircompressor-2.0.3.jar
  * AsyncHttpClient
     - org.asynchttpclient-async-http-client-2.12.4.jar
     - org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt 
b/distribution/shell/src/assemble/LICENSE.bin.txt
index 31f36833dce..3219f66c953 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -395,7 +395,7 @@ The Apache Software License, Version 2.0
     - cpu-affinity-4.17.3.jar
     - circe-checksum-4.17.3.jar
   * AirCompressor
-     - aircompressor-0.27.jar
+     - aircompressor-2.0.3.jar
  * AsyncHttpClient
     - async-http-client-2.12.4.jar
     - async-http-client-netty-utils-2.12.4.jar
diff --git a/pom.xml b/pom.xml
index b82fe0b1f23..5d975391161 100644
--- a/pom.xml
+++ b/pom.xml
@@ -262,7 +262,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <guava.version>33.4.8-jre</guava.version>
     <prometheus-jmx.version>0.16.1</prometheus-jmx.version>
     <confluent.version>7.9.2</confluent.version>
-    <aircompressor.version>0.27</aircompressor.version>
+    <aircompressor.version>2.0.3</aircompressor.version>
     <asynchttpclient.version>2.12.4</asynchttpclient.version>
     <commons-lang3.version>3.19.0</commons-lang3.version>
     <commons-io.version>2.21.0</commons-io.version>

Reply via email to