[jira] [Resolved] (HBASE-29740) Upgrade lz4-java to 1.8.1+

[Duo Zhang (Jira)]

     [ 
https://issues.apache.org/jira/browse/HBASE-29740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Duo Zhang resolved HBASE-29740.
-------------------------------
    Fix Version/s: 2.7.0
                   3.0.0-beta-2
                   2.6.5
                   2.5.14
     Hadoop Flags: Reviewed
     Release Note: Upgrade lz4-java to 1.10.1 for addressing CVE‐2025‐12183 and 
CVE-2025-66566.
       Resolution: Fixed

> Upgrade lz4-java to 1.8.1+
> --------------------------
>
>                 Key: HBASE-29740
>                 URL: https://issues.apache.org/jira/browse/HBASE-29740
>             Project: HBase
>          Issue Type: Task
>          Components: security
>            Reporter: Duo Zhang
>            Assignee: Xiao Liu
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.7.0, 3.0.0-beta-2, 2.6.5, 2.5.14
>
>
> For addressing CVE-2025-12183.
> The official lz4-java project has been discontinued, we have to move to a 
> community fork https://github.com/yawkat/lz4-java.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)