[jira] [Created] (HBASE-29816) Bump lz4-java dependency to 1.8.1 for CVE-2025-12183

[Andrew Kyle Purtell (Jira)]

Andrew Kyle Purtell created HBASE-29816:
-------------------------------------------

             Summary: Bump lz4-java dependency to 1.8.1 for CVE-2025-12183
                 Key: HBASE-29816
                 URL: https://issues.apache.org/jira/browse/HBASE-29816
             Project: HBase
          Issue Type: Bug
          Components: compression
    Affects Versions: 2.5.13, 2.6.4, 3.0.0-beta-1, 4.0.0-alpha-1
            Reporter: Andrew Kyle Purtell
            Assignee: Andrew Kyle Purtell


CVE-2025-12183 is a high scoring vulnerability in lz4-java present in versions 
up to 1.8.0. Upgrade this dependency to 1.8.1. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)