(pulsar) branch branch-4.1 updated: [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)

Tue, 24 Feb 2026 16:37:38 -0800 

This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch branch-4.1
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-4.1 by this push:
     new 5454031502a [fix][sec] Upgrade aircompressor to 2.0.3 to resolve 
CVE-2025-67721 (#25256)
5454031502a is described below

commit 5454031502a7c3d20000cce73615869976e85e2b
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Feb 25 02:36:13 2026 +0200

    [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
 distribution/shell/src/assemble/LICENSE.bin.txt  | 2 +-
 pom.xml                                          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index 8c7facb16eb..a571e17c179 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -390,7 +390,7 @@ The Apache Software License, Version 2.0
     - org.apache.httpcomponents-httpclient-4.5.13.jar
     - org.apache.httpcomponents-httpcore-4.4.15.jar
  * AirCompressor
-    - io.airlift-aircompressor-0.27.jar
+    - io.airlift-aircompressor-2.0.3.jar
  * AsyncHttpClient
     - org.asynchttpclient-async-http-client-2.12.4.jar
     - org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt 
b/distribution/shell/src/assemble/LICENSE.bin.txt
index 3b4da14aeb2..60e52b3aec4 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -395,7 +395,7 @@ The Apache Software License, Version 2.0
     - cpu-affinity-4.17.3.jar
     - circe-checksum-4.17.3.jar
   * AirCompressor
-     - aircompressor-0.27.jar
+     - aircompressor-2.0.3.jar
  * AsyncHttpClient
     - async-http-client-2.12.4.jar
     - async-http-client-netty-utils-2.12.4.jar
diff --git a/pom.xml b/pom.xml
index 9ef28565827..f93480a52bf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -260,7 +260,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <jcip.version>1.0</jcip.version>
     <prometheus-jmx.version>0.16.1</prometheus-jmx.version>
     <confluent.version>7.9.2</confluent.version>
-    <aircompressor.version>0.27</aircompressor.version>
+    <aircompressor.version>2.0.3</aircompressor.version>
     <asynchttpclient.version>2.12.4</asynchttpclient.version>
     <commons-lang3.version>3.19.0</commons-lang3.version>
     <commons-io.version>2.21.0</commons-io.version>

Reply via email to