select at.yark.lz4:lz4-java:1.8.1 when org.lz4:lz4-java:1.8.1 redirects to it.

Author: DibyojyotiS

test-consumer/build.gradle.kts

@@ -82,3 +82,15 @@ tasks.register("verifyResolution") {
 tasks.check {
   dependsOn("verifyResolution")
 }
+
+
+// Handle lz4-java redirect capability conflict:
+// Sonatype added a redirect from org.lz4:lz4-java:1.8.1 -> at.yawk.lz4:lz4-java:1.8.1 to address CVE-2025-12183.
+// Both artifacts declare the same capability, causing a conflict when upgrading from Kafka's org.lz4:lz4-java:1.8.0.
+// This resolution strategy tells Gradle to automatically select the highest version when this conflict occurs.
+configurations.all {
+  resolutionStrategy.capabilitiesResolution.withCapability("org.lz4:lz4-java") {
+    select("at.yawk.lz4:lz4-java:1.8.1")
+    because("Both org.lz4 and at.yawk.lz4 provide lz4-java due to Sonatype redirect")
+  }
+}