The release branch 3.4 is frozen and we should cut new releases only for
important security reasons or other important issues for users that cannot
upgrade to 3.5.

Given that 3.5 is now the suggested version and the upgrade path is simple
I think there is no need to put effort into this activity.

Is there any other valid reason for not using 3.4 + Netty in production ?
We can advise users on the website that Netty 3 is old, and it is suggested
to move do plain NIO or to ZK 3.5 client.
Is the Netty dependency flagging us with security risks ?

Il giorno ven 4 ott 2019 alle ore 10:52 Andor Molnar <an...@apache.org> ha
scritto:

> Hi ZK users / devs,
>
> ZooKeeper branch-3.4 is still on Netty 3 which is not maintained by the
> Netty team anymore. There’s no intention of updating it on our side, hence
> we’re planning to remove it from the codebase completely and ask existing
> users to upgrade to 3.5, if they still want to use Netty. 3.5 is a much
> better option anyway in various aspects: Netty 4 performs better, TLS
> support in both quorum and client communication, etc.
>
> The default stack in 3.4 is NIO, so our gut feeling is that the impact on
> our existing users is low, however the most important effect of this change
> is probably the loss of encrypted client connections.
>
> Please share your thoughts about this change and let us know if upgrading
> to 3.5 is not possible in your use case.
>
> Tracking Jira: https://issues.apache.org/jira/browse/ZOOKEEPER-3568
>
> Regards,
> Andor
>
>
>
>

Reply via email to