From 9ee5e88bc19abb32f4a69b984fe0e82c4613eda9 Mon Sep 17 00:00:00 2001
From: maximthomas <maxim.thomas@gmail.com>
Date: Tue, 9 Dec 2025 16:03:25 +0300
Subject: [PATCH] CVE-2025-12183 CVE-2025-66566 LZ4 vulnerabilities

---
 cassandra-embedded/pom.xml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/cassandra-embedded/pom.xml b/cassandra-embedded/pom.xml
index e5f9db518..4c965afb7 100644
--- a/cassandra-embedded/pom.xml
+++ b/cassandra-embedded/pom.xml
@@ -69,11 +69,17 @@
 		    <groupId>org.apache.cassandra</groupId>
 		    <artifactId>cassandra-all</artifactId>
 		    <version>4.1.3</version>
+			<exclusions>
+				<exclusion>
+					<groupId>org.lz4</groupId>
+					<artifactId>lz4-java</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
-		    <groupId>org.lz4</groupId>
-		    <artifactId>lz4-java</artifactId>
-		    <version>1.8.0</version>
+			<groupId>at.yawk.lz4</groupId>
+			<artifactId>lz4-java</artifactId>
+			<version>1.10.1</version>
 		</dependency>
 		<dependency>
 		    <groupId>org.xerial.snappy</groupId>