This is an automated email from the ASF dual-hosted git repository.
symat pushed a commit to branch branch-3.8
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.8 by this push:
new 5b32c6dcc ZOOKEEPER-4707: Upgrade snappy-java to address multiple CVEs
(#2014)
5b32c6dcc is described below
commit 5b32c6dcce9e43c09e5d0ebd1437b4169458dac2
Author: Lari Hotari <[email protected]>
AuthorDate: Tue Jul 4 13:51:41 2023 +0300
ZOOKEEPER-4707: Upgrade snappy-java to address multiple CVEs (#2014)
Address multiple CVEs:
CVE-2023-34453
CVE-2023-34454
CVE-2023-34455
See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
(cherry picked from commit 4661437a16c5307a041f3a8e14d34d186388aafd)
---
pom.xml | 2 +-
...ava-1.1.9.1.jar_LICENSE.txt => snappy-java-1.1.10.1.jar_LICENSE.txt} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 9ffd88fc8..d9863ab6b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -471,7 +471,7 @@
<jetty.version>9.4.51.v20230217</jetty.version>
<jackson.version>2.15.2</jackson.version>
<jline.version>2.14.6</jline.version>
- <snappy.version>1.1.9.1</snappy.version>
+ <snappy.version>1.1.10.1</snappy.version>
<kerby.version>2.0.0</kerby.version>
<bouncycastle.version>1.60</bouncycastle.version>
<commons-collections.version>4.4</commons-collections.version>
diff --git
a/zookeeper-server/src/main/resources/lib/snappy-java-1.1.9.1.jar_LICENSE.txt
b/zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.1.jar_LICENSE.txt
similarity index 100%
rename from
zookeeper-server/src/main/resources/lib/snappy-java-1.1.9.1.jar_LICENSE.txt
rename to
zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.1.jar_LICENSE.txt
