Posted to dev@zookeeper.apache.org by "Mate Szalay-Beko (Jira)" <ji...@apache.org> on 2022/12/08 14:23:00 UTC

[jira] [Created] (ZOOKEEPER-4645) Backport ZOOKEEPER-3941 (commons-cli upgrade) to branch-3.6

Mate Szalay-Beko created ZOOKEEPER-4645:
-------------------------------------------

             Summary: Backport ZOOKEEPER-3941 (commons-cli upgrade) to branch-3.6
                 Key: ZOOKEEPER-4645
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4645
             Project: ZooKeeper
          Issue Type: Task
            Reporter: Mate Szalay-Beko
            Assignee: Mate Szalay-Beko


commons-cli 1.2 is affected by a known vulnerability (). To fix it, we need to upgrade, but versions 1.3+ deprecated some classes we use in the code. In ZOOKEEPER-3941 we upgraded commons-cli to version 1.4, but this was originally shipped only in ZooKeeper 3.7.0+.

To fix the CVE before the release 3.6.4, we need to update commons-cli (by backporting ZOOKEEPER-3941) on branch-3.6.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)