Standardise on at.yawk lz4-java 1.10.1#27892
Conversation
|
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
github-actions
bot
added
clickhouse
stecurran-est-tech
force-pushed
the
fix/CVE_lz4
branch
from
32325e6 to
f385a94
Compare
|
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
|
@cla-bot check |
|
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
|
The cla-bot has been summoned, and re-checked this pull request! |
stecurran-est-tech
force-pushed
the
fix/CVE_lz4
branch
from
f385a94 to
a1dee41
Compare
|
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
|
@cla-bot check |
|
The cla-bot has been summoned, and re-checked this pull request! |
|
@stecurran-est-tech Could you squash commits into one? Please note that each commit should pass CI. |
Replacing org.lz4:lz4-java 1.8.1and removing old transitive LZ4 dependencies from Kafka, Hadoop, Elasticsearch and Pinot. This fixes classpath conflicts, addresses CVE-2025-66566, and resolves NoClassDefFoundError: net/jpountz/lz4/LZ4Factory in trino-hive tests. Signed-off-by: Stephen Curran <stephen.curran@est.tech>
stecurran-est-tech
force-pushed
the
fix/CVE_lz4
branch
from
a1dee41 to
44badac
Compare
|
@chenjian2664 Thanks for reviewing. I have squashed commits into one @ebyhr Apologies, I only seen your message now. |
4 participants
Description
Replace org.lz4:lz4-java 1.8.1 with at.yawk.lz4:lz4-java 1.10.1 and
remove old transitive LZ4 dependencies from Kafka, Hadoop,
Elasticsearch, and Pinot.
Additional context and related issues
This fixes classpath conflicts when specifying 'at.yawk' LZ4-java compression
and addresses CVE-2025-66566.
Release notes
( x) This is not user-visible or is docs only, and no release notes are required.