rmoff opened a new pull request, #15440: URL: https://github.com/apache/iceberg/pull/15440
## Summary - Force `io.airlift:aircompressor` to 2.0.3 in the Kafka Connect runtime distribution to fix [CVE-2025-67721](https://nvd.nist.gov/vuln/detail/CVE-2025-67721) (HIGH severity) - Update version references in LICENSE files for both main and hive distributions Closes #15378 ## Trivy scan (after fix) ``` aircompressor-2.0.3.jar │ jar │ 0 │ ``` No HIGH or CRITICAL vulnerabilities found across the entire distribution. ## Test plan - [x] `./gradlew :iceberg-kafka-connect:iceberg-kafka-connect-runtime:dependencies` confirms all `aircompressor` paths resolve to 2.0.3 - [x] `trivy rootfs` scan of built distribution shows 0 HIGH/CRITICAL CVEs -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
