[jira] [Commented] (ZOOKEEPER-3806) TLS - dynamic loading for client trust/key store

2021-10-01 Thread Li Wang (Jira)


[ https://issues.apache.org/jira/browse/ZOOKEEPER-3806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17423339#comment-17423339 ]

Li Wang commented on ZOOKEEPER-3806:


[~eprabab] This is a feature we are looking for too. Is anyone working on it or 
planning to work on it? Thanks, Li


> TLS - dynamic loading for client trust/key store
>
> Key: ZOOKEEPER-3806
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3806
> Project: ZooKeeper
> Issue Type: Improvement
> Affects Versions: 3.6.0, 3.5.5, 3.5.6
> Reporter: Pradeep
> Priority: Major
>
> Dynamic reloading of trust/key store is supported for quorum TLS
> (https://github.com/apache/zookeeper/pull/737).
> But reloading of key/trust store for ClientX509Util is not supported yet,
> short-lived certs require the process restart.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (ZOOKEEPER-4390) Backport ZOOKEEPER-4337 for branch-3.5 and branch-3.6

2021-10-01 Thread Ananya Singh (Jira)


[ https://issues.apache.org/jira/browse/ZOOKEEPER-4390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ananya Singh updated ZOOKEEPER-4390:

Labels: pull-requests-available  (was: )

> Backport ZOOKEEPER-4337 for branch-3.5 and branch-3.6
>
> Key: ZOOKEEPER-4390
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4390
> Project: ZooKeeper
> Issue Type: Bug
> Components: security
> Affects Versions: 3.5.9
> Reporter: Ananya Singh
> Priority: Major
> Labels: pull-requests-available
>
> Our security tool raised the following security flaws on zookeeper 3.5.9: 
> CVE-2021-28163: 
> [https://nvd.nist.gov/vuln/detail/CVE-2021-28163|https://nvd.nist.gov/vuln/detail/CVE-2021-21295]
> CVE-2021-28169: 
> [https://nvd.nist.gov/vuln/detail/CVE-2021-28169|https://nvd.nist.gov/vuln/detail/CVE-2021-21295]
> CVE-2021-34428: 
> [https://nvd.nist.gov/vuln/detail/CVE-2021-34428|https://nvd.nist.gov/vuln/detail/CVE-2021-21295]
>  
> It is a vulnerability related to jar jetty-http-9.4.35.v20201120.jar


