zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: Zookeeper 3.4.8 is bundled with old version of Netty:jar
Date Wed, 08 Jun 2016 01:48:10 GMT
There is a jira for this already. Someone want to drive this one?

https://issues.apache.org/jira/browse/ZOOKEEPER-2399

Patrick

On Mon, Jun 6, 2016 at 1:51 PM, Michael Han <hanm@cloudera.com> wrote:

> FYI branch 3.4 was recently patched with Netty 3.10 to address some of the
> security concerns as described in ZOOKEEPER-2423: Upgrade Netty version due
> to security vulnerability.
>
>
> https://github.com/apache/zookeeper/commit/f0a49567d545bd6584cb8ece2d491dc6c65174f8
>
>
>
>
> On Mon, Jun 6, 2016 at 1:38 PM, Hegde, Pallavi <pallavi_hegde@bmc.com>
> wrote:
>
> > Hello,
> > We are currently facing some security issues with Zookeeper version 3.4.7
> > & 3.4.8, since its bundled with very old version of Netty:jar, version
> > 3.7.0.
> > Could you address this issue in future Zookeeper releases by packaging it
> > with Netty.jar-4.0.27, or higher version of Netty:jar? I am sure this
> will
> > help many other issues including security violations.
> >
> > Thanks
> > Pallavi
> >
> >
>
>
> --
> Cheers
> Michael.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message