Open echopairs opened 2 years ago
Lz4-java relies on the open source software LZ4, which has a CVE vulnerability, whether this vulnerability affects LZ4-Java
https://nvd.nist.gov/vuln/detail/CVE-2021-3520
@odaira I see that you have upgraded the version of lz4 to 1.9.4 (which fixes this vulnerability https://github.com/lz4/lz4/pull/972 ). Are there any plans to release a new version soon?
Lz4-java relies on the open source software LZ4, which has a CVE vulnerability, whether this vulnerability affects LZ4-Java