[jira] [Resolved] (HBASE-29816) Bump lz4-java dependency to 1.8.1 for CVE-2025-12183

Andrew Kyle Purtell (Jira) Thu, 08 Jan 2026 13:38:09 -0800


     [ 
https://issues.apache.org/jira/browse/HBASE-29816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andrew Kyle Purtell resolved HBASE-29816.
-----------------------------------------
      Assignee:     (was: Andrew Kyle Purtell)
    Resolution: Duplicate

After refreshing git I see that we've switch to the community supported version 
of lz4-java and don't need this upgrade.

> Bump lz4-java dependency to 1.8.1 for CVE-2025-12183
> ----------------------------------------------------
>
>                 Key: HBASE-29816
>                 URL: https://issues.apache.org/jira/browse/HBASE-29816
>             Project: HBase
>          Issue Type: Bug
>          Components: compression
>    Affects Versions: 3.0.0-beta-1, 4.0.0-alpha-1, 2.6.4, 2.5.13
>            Reporter: Andrew Kyle Purtell
>            Priority: Minor
>
> CVE-2025-12183 is a high scoring vulnerability in lz4-java present in 
> versions up to 1.8.0. Upgrade this dependency to 1.8.1. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (HBASE-29816) Bump lz4-java dependency to 1.8.1 for CVE-2025-12183

Reply via email to