ZOOKEEPER-4751: Update snappy-java to 1.1.10.5 to address CVE-2023-43642

snappy-java 1.1.10.1 contains CVE-2023-43642 . Upgrade the dependency to 1.1.10.5 to get rid of the CVE. see https://issues.apache.org/jira/browse/ZOOKEEPER-4751 Author: Lari Hotari <[email protected]> Reviewers: Andor Molnar <[email protected]>, Damien Diederen <[email protected]> Closes #2072 from lhotari/ZOOKEEPER-4751
apache · Oct 3, 2023 · 35a9441 · 35a9441
1 parent e2070be
commit 35a9441
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -563,7 +563,7 @@
     <jetty.version>9.4.51.v20230217</jetty.version>
     <jackson.version>2.15.2</jackson.version>
     <jline.version>2.14.6</jline.version>
-    <snappy.version>1.1.10.1</snappy.version>
+    <snappy.version>1.1.10.5</snappy.version>
     <kerby.version>2.0.0</kerby.version>
     <bouncycastle.version>1.75</bouncycastle.version>
     <commons-collections.version>4.4</commons-collections.version>

diff --git a/.../lib/snappy-java-1.1.10.1.jar_LICENSE.txt → .../lib/snappy-java-1.1.10.5.jar_LICENSE.txt b/.../lib/snappy-java-1.1.10.1.jar_LICENSE.txt → .../lib/snappy-java-1.1.10.5.jar_LICENSE.txt