zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Han <h...@cloudera.com>
Subject Re: Zookeeper 3.4.8 is bundled with old version of Netty:jar
Date Mon, 06 Jun 2016 20:51:02 GMT
FYI branch 3.4 was recently patched with Netty 3.10 to address some of the
security concerns as described in ZOOKEEPER-2423: Upgrade Netty version due
to security vulnerability.

https://github.com/apache/zookeeper/commit/f0a49567d545bd6584cb8ece2d491dc6c65174f8




On Mon, Jun 6, 2016 at 1:38 PM, Hegde, Pallavi <pallavi_hegde@bmc.com>
wrote:

> Hello,
> We are currently facing some security issues with Zookeeper version 3.4.7
> & 3.4.8, since its bundled with very old version of Netty:jar, version
> 3.7.0.
> Could you address this issue in future Zookeeper releases by packaging it
> with Netty.jar-4.0.27, or higher version of Netty:jar? I am sure this will
> help many other issues including security violations.
>
> Thanks
> Pallavi
>
>


-- 
Cheers
Michael.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message