[
https://issues.apache.org/jira/browse/ZOOKEEPER-4696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17727562#comment-17727562
]
Szucs Villo commented on ZOOKEEPER-4696:
----------------------------------------
I started working on the patch. I think we need to upgrade the main version of
Jetty because all of the 9.4-based versions have CVE problems. See here:
[https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server]. We should
upgrade Jetty to 11.0.15, which is the latest version. For this, we need quite
a few code changes because of the deprecated methods and classes.
[https://www.eclipse.org/jetty/javadoc/jetty-10/deprecated-list.html]
> Update for Zookeeper latest version
> ------------------------------------
>
> Key: ZOOKEEPER-4696
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4696
> Project: ZooKeeper
> Issue Type: Bug
> Components: security, server
> Affects Versions: 3.8.0
> Reporter: Dilip anand
> Assignee: Szucs Villo
> Priority: Critical
> Labels: CVE
>
> Hi team,
> We ran a scan for security vulnerability fixes,we have seen CVE's that
> are affected for zookeeper and version of zookeeper we are using is 3.8.0
> .Here are the CVE's which are affected with zookeeper
> CVE-2022-32221,CVE-2023-23914,CVE-2023-27533,CVE-2023-27534,CVE-2022-22576,CVE-2020-8169,CVE-2020-8285,CVE-2020-8286,CVE-2021-22926,CVE-2021-22946,CVE-2022-27775,CVE-2022-27781,CVE-2022-27782,CVE-2023-23916
> which do not have any reports in red hat website. we want to know what
> version of zookeeper will clear these CVEs and when it'll be released?
> Regards,
> Dilip
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
