[jira] [Commented] (KAFKA-17301) lz4-java is not maintained anymore

Mickael Maison (Jira) Thu, 08 Aug 2024 05:40:24 -0700


    [ 
https://issues.apache.org/jira/browse/KAFKA-17301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871992#comment-17871992
 ]


Mickael Maison commented on KAFKA-17301:
----------------------------------------

Feel free to grab this ticket.

I just created this ticket to report the issue, you'll need to propose what to 
do. Is there an alternative library we could use? If not what do we do with lz4?

> lz4-java is not maintained anymore
> ----------------------------------
>
>                 Key: KAFKA-17301
>                 URL: https://issues.apache.org/jira/browse/KAFKA-17301
>             Project: Kafka
>          Issue Type: Task
>            Reporter: Mickael Maison
>            Priority: Major
>
> lz4-java has not made a release since June 2021. It still depends on lz4 
> 1.9.3 which has a critical (however it does not seem exploitable in our case) 
> CVE: [CVE-2021-3520|https://nvd.nist.gov/vuln/detail/CVE-2021-3520].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KAFKA-17301) lz4-java is not maintained anymore

Reply via email to