This repository was archived by the owner on Dec 2, 2025. It is now read-only.
Query : What are the upgrade plans on lz4-java for vulnerability CVE-2021-3520 on lz4 #221
Description
There is a vulnerability on lz4 :
https://ciam.cisco.com/corona/cves/CVE-2021-3520/
https://nvd.nist.gov/vuln/detail/CVE-2021-3520
And the fix is available in lz4-1.9.4.
Current latest version available for lz4-java is 1.8.0
Are there any plans to upgrade lz4-java , which uses lz4-1.9.4(fixed version) ?