(hadoop) branch branch-3.4 updated: HADOOP-19747. Switch to at.yawk.lz4:lz4-java:1.10.2 due to CVE-2025-66566 (#8176) Contributed by PJ Fanning

slfan1989 Sun, 18 Jan 2026 03:10:04 -0800

This is an automated email from the ASF dual-hosted git repository.

slfan1989 pushed a commit to branch branch-3.4
in repository https://gitbox.apache.org/repos/asf/hadoop.git



The following commit(s) were added to refs/heads/branch-3.4 by this push:
     new fa41b7c6e94 HADOOP-19747. Switch to at.yawk.lz4:lz4-java:1.10.2 due to 
CVE-2025-66566 (#8176) Contributed by PJ Fanning
fa41b7c6e94 is described below

commit fa41b7c6e94a094864664ffb0e555dadd85f61a8
Author: PJ Fanning <[email protected]>
AuthorDate: Sun Jan 18 12:09:20 2026 +0100

    HADOOP-19747. Switch to at.yawk.lz4:lz4-java:1.10.2 due to CVE-2025-66566 
(#8176) Contributed by PJ Fanning
    
    * HADOOP-19747. Switch to at.yawk.lz4:lz4-java:1.10.2 due to CVE-2025-66566
    
    Signed-off-by: Shilun Fan <[email protected]>
---
 LICENSE-binary         | 2 +-
 hadoop-project/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 252618d3aac..058cd8b83c5 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -213,7 +213,7 @@ 
hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/static/nvd3-1.8.5.* (css and js
 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/checker/AbstractFuture.java
 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/checker/TimeoutFuture.java
 
-at.yawk.lz4:lz4-java:1.9.0
+at.yawk.lz4:lz4-java:1.10.2
 ch.qos.reload4j:reload4j:1.2.22
 com.aliyun:aliyun-java-core:0.2.11-beta
 com.aliyun:aliyun-java-sdk-core:4.5.10
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 808a5abadfb..acc9a50bbb8 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -146,7 +146,7 @@
     <metrics.version>3.2.4</metrics.version>
     <netty4.version>4.1.127.Final</netty4.version>
     <snappy-java.version>1.1.10.4</snappy-java.version>
-    <lz4-java.version>1.9.0</lz4-java.version>
+    <lz4-java.version>1.10.2</lz4-java.version>
 
     <!-- Maven protoc compiler -->
     <protobuf-maven-plugin.version>0.5.1</protobuf-maven-plugin.version>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(hadoop) branch branch-3.4 updated: HADOOP-19747. Switch to at.yawk.lz4:lz4-java:1.10.2 due to CVE-2025-66566 (#8176) Contributed by PJ Fanning

Reply via email to