From 9aab536d6a162456cd62c99e0081450371021f66 Mon Sep 17 00:00:00 2001
From: Bart Hanssens <bart.hanssens@bosa.fgov.be>
Date: Tue, 9 Jul 2024 13:43:45 +0200
Subject: [PATCH] GH-5052: use more recent version of snappy to fix CVEs
 (#5065)

GH-5052: upgrade snappy dependency to fix CVE
---
 core/sail/solr/pom.xml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/core/sail/solr/pom.xml b/core/sail/solr/pom.xml
index 0db46098a5..91fbe6b97a 100644
--- a/core/sail/solr/pom.xml
+++ b/core/sail/solr/pom.xml
@@ -14,6 +14,8 @@
 		<enforce-javaee-provided.fail>false</enforce-javaee-provided.fail>
 		<!-- use at least 3.7 to fix CVE -->
 		<zookeeper.version>3.7.2</zookeeper.version>
+		<!-- use ay least 1.1.10.4 to fix CVEs -->
+		<snappy.version>1.1.10.5</snappy.version>
 	</properties>
 	<dependencies>
 		<!-- use at least zookeeper 3.7.2 to fix CVE, can be removed if solr provides a newer version -->
@@ -27,7 +29,12 @@
 			<artifactId>zookeeper-jute</artifactId>
 			<version>${zookeeper.version}</version>
 		</dependency>
-		<!-- -->
+		<!-- use at least snappy 1.1.10.4 to fix CVEs, can be removed if solr provides a newer version -->
+		<dependency>
+			<groupId>org.xerial.snappy</groupId>
+			<artifactId>snappy-java</artifactId>
+			<version>${snappy.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>${project.groupId}</groupId>
 			<artifactId>rdf4j-sail-lucene-api</artifactId>