[ https://issues.apache.org/jira/browse/ZOOKEEPER-4645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mate Szalay-Beko resolved ZOOKEEPER-4645.
-----------------------------------------
Fix Version/s: 3.6.4
Resolution: Fixed
Issue resolved by pull request 1954
[https://github.com/apache/zookeeper/pull/1954]
> Backport ZOOKEEPER-3941 (commons-cli upgrade) to branch-3.6
> -----------------------------------------------------------
>
> Key: ZOOKEEPER-4645
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4645
> Project: ZooKeeper
> Issue Type: Task
> Reporter: Mate Szalay-Beko
> Assignee: Mate Szalay-Beko
> Priority: Major
> Fix For: 3.6.4
>
>
> commons-cli 1.2 is affected by a known vulnerability (). To fix it, we need
> to upgrade, but versions 1.3+ deprecated some classes we use in the code. In
> ZOOKEEPER-3941 we upgraded commons-cli to version 1.4, but this was
> originally shipped only in ZooKeeper 3.7.0+.
>
> To fix the CVE before the release 3.6.4, we need to update commons-cli (by
> backporting ZOOKEEPER-3941) on branch-3.6.