[
https://issues.apache.org/jira/browse/NIFI-10079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17545126#comment-17545126
]
David Handermann commented on NIFI-10079:
-----------------------------------------
Thanks for providing the focused issue [~msr1716].
ZooKeeper [Releases Documentation|https://zookeeper.apache.org/releases.html]
indicates that 3.5.9 is now end-of-life, so the timing for an upgrade is good.
Release documentation specifies that ZooKeeper client 3.8.0 is compatible with
3.5, 3.6, and 3.7 servers as long newer client API methods are not being used.
This needs to be tested, but initial evaluation should start with ZooKeeper
client 3.8.0.
> Upgrade ZooKeeper to 3.8.0
> --------------------------
>
> Key: NIFI-10079
> URL: https://issues.apache.org/jira/browse/NIFI-10079
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.6.0, 1.16.1, 1.16.2
> Reporter: Mike R
> Priority: Major
>
> The version of Zookeeper .jars used has a Medium 5.8 CVE against it and there
> is an update to Zookeeper to allow for a fix. The CVE can be found at
> [https://nvd.nist.gov/vuln/detail/CVE-2021-21295] and there is a more recent
> version of Zookeeper to help mitigate this
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
