By all means send it to us. It is not really surprising though, ZK is not really written to be an externally-facing system. I speak about the difficulties of bad client behavior at length in one of my talks on ZooKeeper, "ZooKeeper for the Skeptical Architect". It isn't designed for misbehaving clients.
Thanks, C On Thu, Feb 19, 2015 at 7:19 PM, Evan Gilman <[email protected]> wrote: > We discovered last year some behavior in ZK that can trigger DoS with very > low complexity. We are now writing a blog post on our findings (and other > surrounding it) but would like to send mail to the responsible disclosure > list before doing so. > > Where should I direct responsible disclosures? Thanks in advance. > > -- > evan >
