This is an automated email from the ASF dual-hosted git repository.
jongyoul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new 9e2c1c670e org.lz4:lz4-java:1.6.0 sufferes from the vulnerabilites
which the C library lz4(version:1.9.1) exposed, containing the following 2
CVEs: CVE-2021-3520, CVE-2019-17543. (#4354)
9e2c1c670e is described below
commit 9e2c1c670ea647f71fdecc63fab07499815c085a
Author: HelenParr <103260963+helenp...@users.noreply.github.com>
AuthorDate: Thu Apr 14 11:05:29 2022 +0800
org.lz4:lz4-java:1.6.0 sufferes from the vulnerabilites which the C library
lz4(version:1.9.1) exposed, containing the following 2 CVEs: CVE-2021-3520,
CVE-2019-17543. (#4354)
---
cassandra/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cassandra/pom.xml b/cassandra/pom.xml
index a0d9928f0c..b201020b11 100644
--- a/cassandra/pom.xml
+++ b/cassandra/pom.xml
@@ -33,7 +33,7 @@
<properties>
<cassandra.driver.version>4.8.0</cassandra.driver.version>
<snappy.version>1.1.7.3</snappy.version>
- <lz4.version>1.6.0</lz4.version>
+ <lz4.version>1.7.0</lz4.version>
<scalate.version>1.7.1</scalate.version>
<!-- test library versions -->
