Posted to dev@zookeeper.apache.org by "Mate Szalay-Beko (Jira)" <ji...@apache.org> on 2022/12/08 14:23:00 UTC
[jira] [Created] (ZOOKEEPER-4645) Backport ZOOKEEPER-3941 (commons-cli upgrade) to branch-3.6
Mate Szalay-Beko created ZOOKEEPER-4645:
-------------------------------------------
Summary: Backport ZOOKEEPER-3941 (commons-cli upgrade) to branch-3.6
Key: ZOOKEEPER-4645
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4645
Project: ZooKeeper
Issue Type: Task
Reporter: Mate Szalay-Beko
Assignee: Mate Szalay-Beko
commons-cli 1.2 is affected by a known vulnerability (). To fix it, we need to upgrade, but versions 1.3+ deprecated some classes we use in the code. In ZOOKEEPER-3941 we upgraded commons-cli to version 1.4, but this was originally shipped only in ZooKeeper 3.7.0+.
To fix the CVE before the release 3.6.4, we need to update commons-cli (by backporting ZOOKEEPER-3941) on branch-3.6.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)