(pulsar) branch branch-4.0 updated: [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)

Tue, 24 Feb 2026 16:38:14 -0800 

This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch branch-4.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-4.0 by this push:
     new 274a35924ad [fix][sec] Upgrade aircompressor to 2.0.3 to resolve 
CVE-2025-67721 (#25256)
274a35924ad is described below

commit 274a35924adf0350a3da7d9fb513008bf42a669c
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Feb 25 02:36:13 2026 +0200

    [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
 distribution/shell/src/assemble/LICENSE.bin.txt  | 2 +-
 pom.xml                                          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index 5749ddeb743..d56ac347495 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -390,7 +390,7 @@ The Apache Software License, Version 2.0
     - org.apache.httpcomponents-httpclient-4.5.13.jar
     - org.apache.httpcomponents-httpcore-4.4.15.jar
  * AirCompressor
-    - io.airlift-aircompressor-0.27.jar
+    - io.airlift-aircompressor-2.0.3.jar
  * AsyncHttpClient
     - org.asynchttpclient-async-http-client-2.12.4.jar
     - org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt 
b/distribution/shell/src/assemble/LICENSE.bin.txt
index 1a1557247dc..b0f84cafa47 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -395,7 +395,7 @@ The Apache Software License, Version 2.0
     - cpu-affinity-4.17.3.jar
     - circe-checksum-4.17.3.jar
   * AirCompressor
-     - aircompressor-0.27.jar
+     - aircompressor-2.0.3.jar
  * AsyncHttpClient
     - async-http-client-2.12.4.jar
     - async-http-client-netty-utils-2.12.4.jar
diff --git a/pom.xml b/pom.xml
index b733623e25c..797cc1409f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -257,7 +257,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <jcip.version>1.0</jcip.version>
     <prometheus-jmx.version>0.16.1</prometheus-jmx.version>
     <confluent.version>7.9.2</confluent.version>
-    <aircompressor.version>0.27</aircompressor.version>
+    <aircompressor.version>2.0.3</aircompressor.version>
     <asynchttpclient.version>2.12.4</asynchttpclient.version>
     <commons-lang3.version>3.19.0</commons-lang3.version>
     <commons-io.version>2.21.0</commons-io.version>

Reply via email to