Re: [PR] chore: Update lz4 to address CVE-2025-12183 [uniffle]

via GitHub Wed, 03 Dec 2025 00:33:06 -0800


LuciferYang commented on code in PR #2693:
URL: https://github.com/apache/uniffle/pull/2693#discussion_r2584120138



##########
pom.xml:
##########
@@ -703,9 +703,9 @@
       </dependency>
 
       <dependency>
-        <groupId>net.jpountz.lz4</groupId>
-        <artifactId>lz4</artifactId>
-        <version>1.3.0</version>
+        <groupId>org.lz4</groupId>
+        <artifactId>lz4-java</artifactId>
+        <version>1.8.1</version>

Review Comment:
   Judging from the release notes, does the latest version mitigate some of the 
negative performance impacts caused by the fix for CVE‐2025‐12183?
   
   https://github.com/yawkat/lz4-java/releases
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] chore: Update lz4 to address CVE-2025-12183 [uniffle]

Reply via email to