Hi Everyone,

I am writing this mail to get your inputs or feedback on one of the ZooKeeper vulnerabilities, CVE-2024-51504, and its impact on NiFi. We are using NiFi 1.27 version clusters, and the versions affected by the vulnerability are Apache ZooKeeper 3.9.0 before 3.9.3.
Our security team raised this vulnerability and asked for an upgrade of ZooKeeper. I did my research and learned that we cannot upgrade the embedded ZooKeeper that comes with NiFi. Also, I see that dev support has ended for 1.x except for critical bugs.

Is there any solution to fix this? Could you please take a moment and share your inputs on this?

More details on the vulnerability can be found here: https://zookeeper.apache.org/security.html#CVE-2024-51504

Bharath Chandra | Integration Analyst
IT Centers of Excellence
13736 Riverport Dr., Maryland Heights, MO 63043
