[CASSANDRA-18878] Upgrade snappy java library - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: High
Resolution: Fixed
Fix Version/s: 3.0.30, 3.11.17, 4.0.12, 4.1.4, 5.0-alpha2, 5.0, 5.1
Component/s: Local/Commit Log, Messaging/Internode
Labels:
None

Change Category:
Operability
Complexity:
Low Hanging Fruit
Platform:

All
Impacts:

None
Source Control Link:

https://github.com/apache/cassandra/commit/dc7234134cb20af4f10b41eab57bd5312fd0e6f1
Test and Documentation Plan:

Hide

Run CI, documentation is not required

Show
Run CI, documentation is not required

Description

The snappy java library needs to be updated to fix the latest CVEs.
https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv

Attachments

Issue Links

is duplicated by

CASSANDRA-18886 snappy-java-1.1.10.1 vulnerability: CVE-2023-43642

Resolved

links to

GitHub Pull Request #2728

GitHub Pull Request #2730

GitHub Pull Request #2741

GitHub Pull Request #2742

GitHub Pull Request #2743

GitHub Pull Request #2744

(2 links to)

Activity

People

Assignee:: Maxim Muzafarov

Reporter:: Maxim Muzafarov

Authors:: Maxim Muzafarov

Reviewers:: Brandon Williams, Stefan Miklosovic

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 25/Sep/23 10:30

Updated:: 01/Nov/23 08:54

Resolved:: 27/Sep/23 19:17

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

2h 20m