[
https://issues.apache.org/jira/browse/DRILL-8514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17908273#comment-17908273
]
PJ Fanning commented on DRILL-8514:
-----------------------------------
We currently depend on zookeeper 3.5.10 jar and the only CVE that affects this
version is:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44981
This looks like more of a Zookeeper server side issue that affects SASL users
and can be mitigated by using firewalls. It makes sense to use network level
protections like this anyway.
> Bump zookeeper to 3.9.3
> -----------------------
>
> Key: DRILL-8514
> URL: https://issues.apache.org/jira/browse/DRILL-8514
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.21.2
> Reporter: Letian Jiang
> Priority: Major
> Fix For: Future
>
>
> https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.9.3
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
