I see a jira for this (or at least part? plz update appropriately), no PR yet that i can see: https://issues.apache.org/jira/issues/?jql=project%20%3D%20ZOOKEEPER%20AND%20text%20~%20cve%20ORDER%20BY%20created%20DESC
Regards, Patrick On Thu, May 8, 2025 at 8:05 AM John Muczynski <[email protected]> wrote: > I see that ZooKeeper 3.8.4 is the latest stable release. > But it has CVEs, notably the two High CVEs: CVE-2024-47535, CVE-2024-47554 > > * Solution: Upgrade commons-io:commons-io to 2.14.0 > * Solution: Upgrade io.netty:netty-common to 4.1.115 > Is there a plan to release a new “latest stable release” or an update in > the 3.8.x series? > > >
