CVE-2021-3520 Whether the vulnerability affects LZ4-Java

Question

CVE-2021-3520 Whether the vulnerability affects LZ4-Java

echopairs opened this issue 2 years ago · 2 comments

Lz4-java relies on the open source software LZ4, which has a CVE vulnerability, whether this vulnerability affects LZ4-Java

Answer 1 · 2022-06-30T03:16:09.000Z

https://nvd.nist.gov/vuln/detail/CVE-2021-3520

Answer 2 · 2023-07-07T03:20:16.000Z

@odaira I see that you have upgraded the version of lz4 to 1.9.4 (which fixes this vulnerability lz4/lz4#972 ). Are there any plans to release a new version soon?