lipzhu commented on pull request #32572:
URL: https://github.com/apache/spark/pull/32572#issuecomment-843021436
Yes, you are right, the list CVE were resolved by `netty-all 4.1.63.Final`.
For zookeeper, version 3.6.3
https://zookeeper.apache.org/doc/r3.6.3/releasenotes.html includes the
lipzhu commented on pull request #32572:
URL: https://github.com/apache/spark/pull/32572#issuecomment-842801439
> Are those CVE applicable to Zookeeper Client , @lipzhu ?
Found https://issues.apache.org/jira/browse/ZOOKEEPER-4278
https://issues.apache.org/jira/browse/ZOOKEEPER-4272
