dlmarion pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/accumulo.git
The following commit(s) were added to refs/heads/main by this push:
new df479238f9 Upgrade lz4-java dependency (#6000)
df479238f9 is described below
commit df479238f94375a2f0d2738a748957468d0dfc89
Author: Dave Marion <[email protected]>
AuthorDate: Fri Dec 5 07:59:26 2025 -0500
Upgrade lz4-java dependency (#6000)
The lz4-java dependency, which is only used in PropertyTest,
was flagged due to CVE-2025-12183. This changes the
dependency in accordance with the recommendation at
https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-12183
---
core/pom.xml | 12 ++++++------
pom.xml | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/core/pom.xml b/core/pom.xml
index cce0712dd4..cf93b91f1d 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -146,6 +146,12 @@
<artifactId>hadoop-client-runtime</artifactId>
<scope>runtime</scope>
</dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>1.8.1</version>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client-minicluster</artifactId>
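Review bot: Changing the groupId to `at.yawk.lz4` in the added `<dependency>` means Maven no longer treats this artifact and `org.lz4:lz4-java` as the same module, so version mediation will not replace an old copy that another dependency brings in transitively. If that happens, both jars can sit on the test classpath and the classes flagged for CVE-2025-12183 may still be the ones that load; nothing visible in this hunk rules that out. Running `mvn dependency:tree -Dincludes=org.lz4` would confirm, and if the build uses maven-enforcer's `bannedDependencies`, adding `<exclude>org.lz4:lz4-java</exclude>` would keep the old coordinates from coming back. A short comment above the entry, such as `<!-- at.yawk.lz4 replaces org.lz4:lz4-java (CVE-2025-12183); test-only, used by PropertyTest -->`, would also explain the unfamiliar coordinates to the next maintainer.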
@@ -187,12 +193,6 @@
<artifactId>junit-jupiter-params</artifactId>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.lz4</groupId>
- <artifactId>lz4-java</artifactId>
- <version>1.7.1</version>
- <scope>test</scope>
- </dependency>
</dependencies>
<build>
<testResources>
diff --git a/pom.xml b/pom.xml
index 8cab66ba6b..c708392f0f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -975,7 +975,7 @@ under the License.
<unused>org.apache.logging.log4j:log4j-web:jar:*</unused>
<unused>org.junit.jupiter:junit-jupiter-engine:jar:*</unused>
<unused>org.junit.platform:junit-platform-suite-engine:jar:*</unused>
- <unused>org.lz4:lz4-java:jar:*</unused>
+ <unused>at.yawk.lz4:lz4-java:jar:*</unused>
</ignoredUnusedDeclaredDependencies>
</configuration>
</execution>