xiangfu0 opened a new pull request, #18015: URL: https://github.com/apache/pinot/pull/18015

## Summary

- Bumps `lz4-java` from 1.8.0 to 1.8.1 to fix Dependabot alert #299: out-of-bounds memory operations in LZ4 Java compression that can cause DoS.
- Pinot uses `LZ4Factory.safeDecompressor()` extensively for segment compression/decompression in `pinot-segment-local`.

## Test plan

- [ ] Verify Maven build succeeds with lz4-java 1.8.1
- [ ] Run pinot-segment-local unit tests (LZ4 compression paths)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
