[
https://issues.apache.org/jira/browse/FLINK-39139?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Cameron updated FLINK-39139:
----------------------------
Description:
lz4-java 1.8.0 has the following CVEs:
* [CVE-2025-66566|https://www.cve.org/CVERecord?id=CVE-2025-66566]
* [CVE-2025-12183|https://www.cve.org/CVERecord?id=CVE-2025-12183]
Updating lz4-java to 1.10.3 resolves the CVE
It has also been relocated to at.yawk.lz4
was:
lz4-java 1.8.0 has the following CVEs:
* [CVE-2025-66566|https://www.cve.org/CVERecord?id=CVE-2025-66566]
* [CVE-2025-12183|https://www.cve.org/CVERecord?id=CVE-2025-12183]
It has also been relocated to at.yawk.lz4
> Update lz4-java to 1.10.3
> -------------------------
>
> Key: FLINK-39139
> URL: https://issues.apache.org/jira/browse/FLINK-39139
> Project: Flink
> Issue Type: Improvement
> Reporter: Cameron
> Priority: Major
>
> lz4-java 1.8.0 has the following CVEs:
> * [CVE-2025-66566|https://www.cve.org/CVERecord?id=CVE-2025-66566]
> * [CVE-2025-12183|https://www.cve.org/CVERecord?id=CVE-2025-12183]
> Updating lz4-java to 1.10.3 resolves the CVE
> It has also been relocated to at.yawk.lz4
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
