Hi all, There's a Zookeeper related CVE CVE-2023-44981 [1] which is fixed in Pulsar by upgrading to Zookeeper version 3.8.3 in PR #21398 [2]. This has already been cherry-picked to branch-3.0 and branch-3.1. This will be included in the upcoming 3.0.2 release, which is already planned [3]. However, we don't yet have the release process started for Pulsar 3.1.2 . Pulsar 3.1.1 was very recently released [4].
Could we expedite the release of Pulsar 3.1.2 due to CVE-2023-44981? Would someone like to volunteer as the release manager? -Lari 1 - https://github.com/advisories/GHSA-7286-pgfv-vxvh 2 - https://github.com/apache/pulsar/pull/21398 3 - https://lists.apache.org/thread/8t77qw9mv4hhh1tbm0jpb25pd38j74w3 4 - https://lists.apache.org/thread/rtvk7ks8zr5jowpfjv08dhykqt67n9b6
