[zookeeper] branch branch-3.7 updated: ZOOKEEPER-4707: Upgrade snappy-java to address multiple CVEs (#2014)

[symat]

This is an automated email from the ASF dual-hosted git repository.

symat pushed a commit to branch branch-3.7
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/branch-3.7 by this push:
     new 1115968c6 ZOOKEEPER-4707: Upgrade snappy-java to address multiple CVEs 
(#2014)
1115968c6 is described below

commit 1115968c60c62597431fb168de1d8de8c939ae64
Author: Lari Hotari <lhot...@users.noreply.github.com>
AuthorDate: Tue Jul 4 13:51:41 2023 +0300

    ZOOKEEPER-4707: Upgrade snappy-java to address multiple CVEs (#2014)
    
    Address multiple CVEs:
    CVE-2023-34453
    CVE-2023-34454
    CVE-2023-34455
    
    See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
    
    (cherry picked from commit 4661437a16c5307a041f3a8e14d34d186388aafd)
---
 pom.xml                                                                 | 2 +-
 ...ava-1.1.9.1.jar_LICENSE.txt => snappy-java-1.1.10.1.jar_LICENSE.txt} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 5806fc062..4f645cf75 100644
--- a/pom.xml
+++ b/pom.xml
@@ -441,7 +441,7 @@
     <jetty.version>9.4.49.v20220914</jetty.version>
     <jackson.version>2.15.2</jackson.version>
     <jline.version>2.14.6</jline.version>
-    <snappy.version>1.1.9.1</snappy.version>
+    <snappy.version>1.1.10.1</snappy.version>
     <kerby.version>2.0.0</kerby.version>
     <bouncycastle.version>1.60</bouncycastle.version>
     <commons-collections.version>4.4</commons-collections.version>
diff --git 
a/zookeeper-server/src/main/resources/lib/snappy-java-1.1.9.1.jar_LICENSE.txt 
b/zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.1.jar_LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/snappy-java-1.1.9.1.jar_LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.1.jar_LICENSE.txt