(pulsar) branch branch-3.0 updated: [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)

Tue, 24 Feb 2026 16:39:02 -0800 

This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-3.0 by this push:
     new cdd34ad099b [fix][sec] Upgrade aircompressor to 2.0.3 to resolve 
CVE-2025-67721 (#25256)
cdd34ad099b is described below

commit cdd34ad099b751c2236d133b29bda93bc5a20472
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Feb 25 02:36:13 2026 +0200

    [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
 distribution/shell/src/assemble/LICENSE.bin.txt  | 2 +-
 pom.xml                                          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index e53a54dc9fe..5dcb1dc6bf7 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -377,7 +377,7 @@ The Apache Software License, Version 2.0
     - org.apache.httpcomponents-httpclient-4.5.13.jar
     - org.apache.httpcomponents-httpcore-4.4.15.jar
  * AirCompressor
-    - io.airlift-aircompressor-0.27.jar
+    - io.airlift-aircompressor-2.0.3.jar
  * AsyncHttpClient
     - org.asynchttpclient-async-http-client-2.12.4.jar
     - org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt 
b/distribution/shell/src/assemble/LICENSE.bin.txt
index 4261984bf48..18d6b6c6c40 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -394,7 +394,7 @@ The Apache Software License, Version 2.0
     - cpu-affinity-4.16.7.jar
     - circe-checksum-4.16.7.jar
   * AirCompressor
-     - aircompressor-0.27.jar
+     - aircompressor-2.0.3.jar
  * AsyncHttpClient
     - async-http-client-2.12.4.jar
     - async-http-client-netty-utils-2.12.4.jar
diff --git a/pom.xml b/pom.xml
index 57d539df215..66707a24e26 100644
--- a/pom.xml
+++ b/pom.xml
@@ -213,7 +213,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <jcip.version>1.0</jcip.version>
     <prometheus-jmx.version>0.16.1</prometheus-jmx.version>
     <confluent.version>7.9.2</confluent.version>
-    <aircompressor.version>0.27</aircompressor.version>
+    <aircompressor.version>2.0.3</aircompressor.version>
     <asynchttpclient.version>2.12.4</asynchttpclient.version>
     <jcommander.version>1.82</jcommander.version>
     <commons-lang3.version>3.18.0</commons-lang3.version>

Reply via email to