Skip to content

[Hotfix] Update lz4-java to 1.10.3#27535

Open
eschcam wants to merge 1 commit intoapache:masterfrom
Nordix:bump-lz4
Open

[Hotfix] Update lz4-java to 1.10.3#27535
eschcam wants to merge 1 commit intoapache:masterfrom
Nordix:bump-lz4

Conversation

@eschcam
Copy link

@eschcam eschcam commented Feb 5, 2026

What is the purpose of the change

lz4-java 1.8.0 has the following CVEs:

It has also been relocated to at.yawk.lz4

Brief change log

  • Update lz4-java to 1.10.3

Verifying this change

Passes local tests

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): yes
  • The public API, i.e., is any changed class annotated with @Public(Evolving): no
  • The serializers: no
  • The runtime per-record code paths (performance sensitive): no
  • Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
  • The S3 file system connector: no

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? not applicable

@flinkbot
Copy link
Collaborator

flinkbot commented Feb 5, 2026
edited
Loading

CI report:

Bot commands The @flinkbot bot supports the following commands:
  • @flinkbot run azure re-run the last Azure build

@eschcam
Copy link
Author

eschcam commented Feb 5, 2026

@flinkbot run azure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eschcam @flinkbot