This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch camel-4.14.x
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-4.14.x by this push:
new ee08702d04e3 CAMEL-22788: Use new lz4 that is maintained and does not
have CVE (#20477)
ee08702d04e3 is described below
commit ee08702d04e3582b87d9fca25c6a2de037bc2f0f
Author: Claus Ibsen <[email protected]>
AuthorDate: Wed Dec 17 10:46:36 2025 +0100
CAMEL-22788: Use new lz4 that is maintained and does not have CVE (#20477)
* CAMEL-22788: camel-kafka - Use new lz4 that is maintained and does not
have CVE
* CAMEL-22788: camel-flink - Use new lz4 that is maintained and does not
have CVE
* CAMEL-22788: camel-aws2-kinesis - Use new lz4 that is maintained and does
not have CVE
* CAMEL-22788: camel-rocketmq - Use new lz4 that is maintained and does not
have CVE
* CAMEL-22788: camel-debezium - Use new lz4 that is maintained and does not
have CVE
---
components/camel-aws/camel-aws2-kinesis/pom.xml | 11 +++++++++++
.../camel-debezium-common-component/pom.xml | 11 +++++++++++
components/camel-debezium/camel-debezium-common/pom.xml | 9 +++++++++
components/camel-debezium/camel-debezium-db2/pom.xml | 6 ++++++
components/camel-debezium/camel-debezium-mongodb/pom.xml | 6 ++++++
components/camel-debezium/camel-debezium-mysql/pom.xml | 4 ++++
components/camel-debezium/camel-debezium-oracle/pom.xml | 6 ++++++
components/camel-debezium/camel-debezium-postgres/pom.xml | 6 ++++++
components/camel-debezium/camel-debezium-sqlserver/pom.xml | 6 ++++++
components/camel-flink/pom.xml | 9 +++++++++
components/camel-kafka/pom.xml | 11 +++++++++++
components/camel-rocketmq/pom.xml | 11 +++++++++++
parent/pom.xml | 1 +
13 files changed, 97 insertions(+)
diff --git a/components/camel-aws/camel-aws2-kinesis/pom.xml
b/components/camel-aws/camel-aws2-kinesis/pom.xml
index 6efed4b48016..d5a3af7b8987 100644
--- a/components/camel-aws/camel-aws2-kinesis/pom.xml
+++ b/components/camel-aws/camel-aws2-kinesis/pom.xml
@@ -51,6 +51,17 @@
<groupId>software.amazon.kinesis</groupId>
<artifactId>amazon-kinesis-client</artifactId>
<version>${amazon-kinesis-client-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
diff --git
a/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml
b/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml
index 03af23c50c75..166991406075 100644
---
a/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml
+++
b/components/camel-debezium/camel-debezium-common/camel-debezium-common-component/pom.xml
@@ -42,6 +42,17 @@
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>${kafka-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-common/pom.xml
b/components/camel-debezium/camel-debezium-common/pom.xml
index dbb81afb2638..168f96c839e5 100644
--- a/components/camel-debezium/camel-debezium-common/pom.xml
+++ b/components/camel-debezium/camel-debezium-common/pom.xml
@@ -64,6 +64,10 @@
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -71,6 +75,11 @@
<artifactId>debezium-storage-file</artifactId>
<version>${debezium-version}</version>
</dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
+ </dependency>
</dependencies>
</project>
diff --git a/components/camel-debezium/camel-debezium-db2/pom.xml
b/components/camel-debezium/camel-debezium-db2/pom.xml
index 30a575442eba..e0a74f92f31a 100644
--- a/components/camel-debezium/camel-debezium-db2/pom.xml
+++ b/components/camel-debezium/camel-debezium-db2/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-db2</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-mongodb/pom.xml
b/components/camel-debezium/camel-debezium-mongodb/pom.xml
index c60f1058a50c..2e0d26542198 100644
--- a/components/camel-debezium/camel-debezium-mongodb/pom.xml
+++ b/components/camel-debezium/camel-debezium-mongodb/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-mongodb</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-mysql/pom.xml
b/components/camel-debezium/camel-debezium-mysql/pom.xml
index fafd7cf30eab..0741f1ac652b 100644
--- a/components/camel-debezium/camel-debezium-mysql/pom.xml
+++ b/components/camel-debezium/camel-debezium-mysql/pom.xml
@@ -48,6 +48,10 @@
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
</exclusions>
</dependency>
diff --git a/components/camel-debezium/camel-debezium-oracle/pom.xml
b/components/camel-debezium/camel-debezium-oracle/pom.xml
index 9159fe3d1c73..75ba1bf0c964 100644
--- a/components/camel-debezium/camel-debezium-oracle/pom.xml
+++ b/components/camel-debezium/camel-debezium-oracle/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-oracle</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-postgres/pom.xml
b/components/camel-debezium/camel-debezium-postgres/pom.xml
index f6b9cb669490..7827e6481f3c 100644
--- a/components/camel-debezium/camel-debezium-postgres/pom.xml
+++ b/components/camel-debezium/camel-debezium-postgres/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-postgres</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-debezium/camel-debezium-sqlserver/pom.xml
b/components/camel-debezium/camel-debezium-sqlserver/pom.xml
index 7d069737bdc9..a5aabc1752ce 100644
--- a/components/camel-debezium/camel-debezium-sqlserver/pom.xml
+++ b/components/camel-debezium/camel-debezium-sqlserver/pom.xml
@@ -43,6 +43,12 @@
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-sqlserver</artifactId>
<version>${debezium-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
diff --git a/components/camel-flink/pom.xml b/components/camel-flink/pom.xml
index eb3d2b6bf855..3a3110ce1da4 100644
--- a/components/camel-flink/pom.xml
+++ b/components/camel-flink/pom.xml
@@ -72,6 +72,10 @@
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -89,6 +93,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
+ </dependency>
<!--testing-->
<dependency>
diff --git a/components/camel-kafka/pom.xml b/components/camel-kafka/pom.xml
index 02595babbf12..7573feec72e0 100644
--- a/components/camel-kafka/pom.xml
+++ b/components/camel-kafka/pom.xml
@@ -48,6 +48,17 @@
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>${kafka-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
</dependency>
<dependency>
diff --git a/components/camel-rocketmq/pom.xml
b/components/camel-rocketmq/pom.xml
index 74a8644bfc5e..15d677b3c0ec 100644
--- a/components/camel-rocketmq/pom.xml
+++ b/components/camel-rocketmq/pom.xml
@@ -58,6 +58,17 @@
<groupId>org.apache.rocketmq</groupId>
<artifactId>rocketmq-acl</artifactId>
<version>${rocketmq-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.yawk.lz4</groupId>
+ <artifactId>lz4-java</artifactId>
+ <version>${lz4-java-version}</version>
</dependency>
<dependency>
diff --git a/parent/pom.xml b/parent/pom.xml
index c8a779315c25..5ae3181e3b7e 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -349,6 +349,7 @@
<lucene-version>9.12.0</lucene-version>
<lightcouch-version>0.2.0</lightcouch-version>
<littleproxy-version>2.4.4</littleproxy-version>
+ <lz4-java-version>1.10.2</lz4-java-version>
<mapstruct-version>1.6.3</mapstruct-version>
<!-- needed from tooling/archetypes -->
<maven-version>3.9.11</maven-version>
