Return-Path: <user-return-10168-archive-asf-public=cust-asf.ponee.io@zookeeper.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 4ACCA200B27
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed,  8 Jun 2016 03:48:54 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 49528160A36; Wed,  8 Jun 2016 01:48:54 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 91F41160A4F
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  8 Jun 2016 03:48:53 +0200 (CEST)
Received: (qmail 81518 invoked by uid 500); 8 Jun 2016 01:48:52 -0000
Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@zookeeper.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@zookeeper.apache.org>
List-Post: <mailto:user@zookeeper.apache.org>
List-Id: <user.zookeeper.apache.org>
Reply-To: user@zookeeper.apache.org
Delivered-To: mailing list user@zookeeper.apache.org
Received: (qmail 81496 invoked by uid 99); 8 Jun 2016 01:48:52 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Jun 2016 01:48:52 +0000
Received: from mail-lf0-f48.google.com (mail-lf0-f48.google.com [209.85.215.48])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 6491A1A015B;
	Wed,  8 Jun 2016 01:48:51 +0000 (UTC)
Received: by mail-lf0-f48.google.com with SMTP id s186so61385288lfs.1;
        Tue, 07 Jun 2016 18:48:51 -0700 (PDT)
X-Gm-Message-State: ALyK8tJ3/0g4WcTuZzISQyB0NQXejGCZT+99br7+CY6mDgIb4RtHoxVdsgocq0itE7vYsG0PSjGfWwTJ8tZ07Q==
X-Received: by 10.25.127.4 with SMTP id a4mr3330146lfd.111.1465350529787; Tue,
 07 Jun 2016 18:48:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.144.75 with HTTP; Tue, 7 Jun 2016 18:48:10 -0700 (PDT)
In-Reply-To: <CA+i0x1LtR89Uf7qCpZvdZ04K_LbBfadKSFjhp5KBwW_YTZSL5g@mail.gmail.com>
References: <D37B2D4A.38D2%pallavi_hegde@bmc.com> <CA+i0x1LtR89Uf7qCpZvdZ04K_LbBfadKSFjhp5KBwW_YTZSL5g@mail.gmail.com>
From: Patrick Hunt <phunt@apache.org>
Date: Tue, 7 Jun 2016 18:48:10 -0700
X-Gmail-Original-Message-ID: <CANLc_9J4OhvJCkwod9waWo4iDRO7fx6Wm-gpCXKzmCNsh_ee7g@mail.gmail.com>
Message-ID: <CANLc_9J4OhvJCkwod9waWo4iDRO7fx6Wm-gpCXKzmCNsh_ee7g@mail.gmail.com>
Subject: Re: Zookeeper 3.4.8 is bundled with old version of Netty:jar
To: DevZooKeeper <dev@zookeeper.apache.org>
Cc: UserZooKeeper <user@zookeeper.apache.org>
Content-Type: multipart/alternative; boundary=001a113eb6e8ccb27a0534ba81b5
archived-at: Wed, 08 Jun 2016 01:48:54 -0000

--001a113eb6e8ccb27a0534ba81b5
Content-Type: text/plain; charset=UTF-8

There is a jira for this already. Someone want to drive this one?

https://issues.apache.org/jira/browse/ZOOKEEPER-2399

Patrick

On Mon, Jun 6, 2016 at 1:51 PM, Michael Han <hanm@cloudera.com> wrote:

> FYI branch 3.4 was recently patched with Netty 3.10 to address some of the
> security concerns as described in ZOOKEEPER-2423: Upgrade Netty version due
> to security vulnerability.
>
>
> https://github.com/apache/zookeeper/commit/f0a49567d545bd6584cb8ece2d491dc6c65174f8
>
>
>
>
> On Mon, Jun 6, 2016 at 1:38 PM, Hegde, Pallavi <pallavi_hegde@bmc.com>
> wrote:
>
> > Hello,
> > We are currently facing some security issues with Zookeeper version 3.4.7
> > & 3.4.8, since its bundled with very old version of Netty:jar, version
> > 3.7.0.
> > Could you address this issue in future Zookeeper releases by packaging it
> > with Netty.jar-4.0.27, or higher version of Netty:jar? I am sure this
> will
> > help many other issues including security violations.
> >
> > Thanks
> > Pallavi
> >
> >
>
>
> --
> Cheers
> Michael.
>

--001a113eb6e8ccb27a0534ba81b5--