Skip to content
This repository was archived by the owner on Dec 2, 2025. It is now read-only.
This repository was archived by the owner on Dec 2, 2025. It is now read-only.

Query : What are the upgrade plans on lz4-java for vulnerability CVE-2021-3520 on lz4 #221

Open
Open
Query : What are the upgrade plans on lz4-java for vulnerability CVE-2021-3520 on lz4#221
@Nazima-Begum

Description

@Nazima-Begum
Nazima-Begum
opened on Jul 11, 2024

There is a vulnerability on lz4 :
https://ciam.cisco.com/corona/cves/CVE-2021-3520/
https://nvd.nist.gov/vuln/detail/CVE-2021-3520
And the fix is available in lz4-1.9.4.

Current latest version available for lz4-java is 1.8.0
Are there any plans to upgrade lz4-java , which uses lz4-1.9.4(fixed version) ?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions