There is a jira for this already. Someone want to drive this one? https://issues.apache.org/jira/browse/ZOOKEEPER-2399
Patrick On Mon, Jun 6, 2016 at 1:51 PM, Michael Han <h...@cloudera.com> wrote: > FYI branch 3.4 was recently patched with Netty 3.10 to address some of the > security concerns as described in ZOOKEEPER-2423: Upgrade Netty version due > to security vulnerability. > > > https://github.com/apache/zookeeper/commit/f0a49567d545bd6584cb8ece2d491dc6c65174f8 > > > > > On Mon, Jun 6, 2016 at 1:38 PM, Hegde, Pallavi <pallavi_he...@bmc.com> > wrote: > > > Hello, > > We are currently facing some security issues with Zookeeper version 3.4.7 > > & 3.4.8, since its bundled with very old version of Netty:jar, version > > 3.7.0. > > Could you address this issue in future Zookeeper releases by packaging it > > with Netty.jar-4.0.27, or higher version of Netty:jar? I am sure this > will > > help many other issues including security violations. > > > > Thanks > > Pallavi > > > > > > > -- > Cheers > Michael. >
