
Query: What are the upgrade plans on lz4-java for vulnerability CVE-2021-3520 on lz4?

Open Nazima-Begum opened this issue 1 year ago • 1 comments

There is a vulnerability in lz4 (https://ciam.cisco.com/corona/cves/CVE-2021-3520/ , https://nvd.nist.gov/vuln/detail/CVE-2021-3520 ), and the fix is available in lz4-1.9.4.

The current latest version available for lz4-java is 1.8.0. Are there any plans to upgrade lz4-java, which uses lz4-1.9.4 (fixed version)?

Nazima-Begum, Jul 11 '24 03:07

Well, it seems that the maintainers of this repo are not active anymore. A new release from a fork repo may be the best solution for now.

See discussion in https://github.com/lz4/lz4-java/issues/217

HTHou, Jul 11 '24 03:07