GH-5052: use more recent version of snappy to fix CVEs (#5065)

barthanssens · web-flow · commit 9aab536d6a16 · 2024-07-09T13:43:45.000+02:00
GH-5052: upgrade snappy dependency to fix CVE
diff --git a/core/sail/solr/pom.xml b/core/sail/solr/pom.xml
@@ -14,6 +14,8 @@
 		<enforce-javaee-provided.fail>false</enforce-javaee-provided.fail>
 		<!-- use at least 3.7 to fix CVE -->
 		<zookeeper.version>3.7.2</zookeeper.version>
+		<!-- use ay least 1.1.10.4 to fix CVEs -->
+		<snappy.version>1.1.10.5</snappy.version>
 	</properties>
 	<dependencies>
 		<!-- use at least zookeeper 3.7.2 to fix CVE, can be removed if solr provides a newer version -->
@@ -27,7 +29,12 @@
 			<artifactId>zookeeper-jute</artifactId>
 			<version>${zookeeper.version}</version>
 		</dependency>
-		<!-- -->
+		<!-- use at least snappy 1.1.10.4 to fix CVEs, can be removed if solr provides a newer version -->
+		<dependency>
+			<groupId>org.xerial.snappy</groupId>
+			<artifactId>snappy-java</artifactId>
+			<version>${snappy.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>${project.groupId}</groupId>
 			<artifactId>rdf4j-sail-lucene-api</artifactId>
