[jira] [Created] (KAFKA-20054) Critical Security Vulnerability reported for the dependency lz4-java-1.8.0 jar used in Kafka-clients

Ashokkumar (Jira) Fri, 09 Jan 2026 03:40:20 -0800

Ashokkumar created KAFKA-20054:
----------------------------------

             Summary: Critical Security Vulnerability reported for the 
dependency lz4-java-1.8.0 jar used in Kafka-clients
                 Key: KAFKA-20054
                 URL: https://issues.apache.org/jira/browse/KAFKA-20054
             Project: Kafka
          Issue Type: Bug
            Reporter: Ashokkumar



Hello Team,

There is a Critical Security Vulnerability reported for the dependency 
lz4-java-1.8.0 jar used in Kafka-clients project 
[CVE-2025-66566](https://www.cve.org/CVERecord?id=CVE-2025-66566)
[CVE-2025-12183](https://www.cve.org/CVERecord?id=CVE-2025-12183)

As the lz4 code is now moved to a new package structure and also the latest 
code base of Kafka-clients is already using it, is there a date where we can 
get an updated jar into Maven which will incorporate this fix ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (KAFKA-20054) Critical Security Vulnerability reported for the dependency lz4-java-1.8.0 jar used in Kafka-clients

Reply via email to