Hello Ollie, We've been planning for a ZooKeeper 3.6.4 release pretty soon, discussed here:
https://lists.apache.org/thread/6clwwojh8p7gghpl2x0rj9crm8xhb8gx First, we're going to get a few more dependency upgrades done. Please note that this will be the last release in the 3.6 line. It's pretty easy to upgrade to 3.7 or even 3.8. The 3.7 line continues to use reload4j. The 3.8 line switches to logback. Chris Nauroth On Tue, Dec 13, 2022 at 9:17 AM Oliver Lambert <oliver.c.lamb...@gmail.com> wrote: > Hi, > > Hope you are well, and thanks for all you do to build / maintain zookeeper. > > One of the systems I work on has currently got zookeeper 3.6.3 deployed, > but it is notifying about the log4j critical security vulnerabilities, > which I see have been fixed in > https://issues.apache.org/jira/browse/ZOOKEEPER-4455 - thanks! However, > unfortunately I'm not in a position to upgrade to 3.7.x or 3.8.x at this > time due to other components in the system, so I'm writing to ask if it > would be possible to release v3.6.4 with the fix for > https://issues.apache.org/jira/browse/ZOOKEEPER-4455 in it? Do you have > an > estimate for when this will be released, or is 3.6.x no longer supported? > > Cheers > Ollie >
