Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/05/06 14:08:34 UTC

[GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher

dongjinleekr opened a new pull request #10642:
URL: https://github.com/apache/kafka/pull/10642


   [CVE-2021-21409](https://nvd.nist.gov/vuln/detail/CVE-2021-21409) in Zookeeper was fixed in [3.6.3](https://zookeeper.apache.org/doc/r3.6.3/releasenotes.html).
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [kafka] dongjinleekr closed pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher

Posted by GitBox <gi...@apache.org>.
dongjinleekr closed pull request #10642:
URL: https://github.com/apache/kafka/pull/10642


   





[GitHub] [kafka] dongjinleekr commented on pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher

Posted by GitBox <gi...@apache.org>.
dongjinleekr commented on pull request #10642:
URL: https://github.com/apache/kafka/pull/10642#issuecomment-839446528


   @Boojapho Totally agree. Let's keep an eye on the other projects' updates. It would not be late until Zookeeper and other related projects drop the support for the security vulnerability.
   
   +1. I am now testing the Kafka cluster with Zookeeper 3.6.x. Everything has been working fine so far, except for a classpath conflict in Kafka itself. I am now working on it.





[GitHub] [kafka] Boojapho commented on pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher

Posted by GitBox <gi...@apache.org>.
Boojapho commented on pull request #10642:
URL: https://github.com/apache/kafka/pull/10642#issuecomment-838928359


   > Also, we override the netty version, so I am not sure the ZK version needs to be bumped at all.
   
   So long as only one version of netty remains in the release, that should work instead of bumping ZK. I think 2.8 already uses a version that fixes the vulnerability. 2.7 and 2.6 might still need updates.


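A check for the condition raised in the comment above (exactly one netty version in the release, at or above the fixed one), as an added example that is not part of the thread or of Kafka's own code. The function names, the sample jar names and the `4.1.60` minimum are constructed for illustration; take the real minimum from the netty advisory for the CVE.

```python
import re
from collections import defaultdict

# Matches netty-handler-4.1.50.Final.jar, netty-3.10.6.Final.jar and
# netty-transport-native-epoll-4.1.50.Final-linux-x86_64.jar (classifier optional).
NETTY_JAR = re.compile(
    r"^(?P<artifact>netty(?:-[a-z][a-z0-9-]*?)?)"
    r"-(?P<version>\d+(?:\.\d+)+)\.Final(?:-[\w.-]+)?\.jar$"
)

def version_key(version):
    """'4.1.50' -> (4, 1, 50), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))

def audit_netty_jars(jar_names, min_version):
    """Group netty jars by version; report mixed versions and jars below min_version."""
    by_version = defaultdict(list)
    for name in jar_names:
        # netty-tcnative follows its own version line; comparing it would be noise.
        if name.startswith("netty-tcnative"):
            continue
        match = NETTY_JAR.match(name)
        if match:
            by_version[match.group("version")].append(match.group("artifact"))
    versions = sorted(by_version, key=version_key)
    below = sorted(
        f"{artifact}-{version}"
        for version in versions
        if version_key(version) < version_key(min_version)
        for artifact in by_version[version]
    )
    return {"versions": versions, "single_version": len(versions) == 1, "below_minimum": below}

# Constructed listing of a release's libs/ directory (not taken from a real release).
SAMPLE_JARS = [
    "netty-handler-4.1.50.Final.jar",
    "netty-codec-4.1.50.Final.jar",
    "netty-transport-native-epoll-4.1.62.Final-linux-x86_64.jar",
    "zookeeper-3.5.9.jar",
]

if __name__ == "__main__":
    # "4.1.60" is a placeholder minimum, not the version named in any advisory.
    print(audit_netty_jars(SAMPLE_JARS, "4.1.60"))
```

Pass it `os.listdir()` of the unpacked release's `libs` directory; a result with `single_version` false means a transitive dependency still ships its own netty next to the overridden one.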



[GitHub] [kafka] dongjinleekr commented on pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher

Posted by GitBox <gi...@apache.org>.
dongjinleekr commented on pull request #10642:
URL: https://github.com/apache/kafka/pull/10642#issuecomment-833561404


   > This is a major version bump and it requires some analysis on the impact.
   
   Agree.
   
   > There is no 3.5.x release with this fix?
   
   Yes, this issue was fixed in [ZOOKEEPER-4278](https://issues.apache.org/jira/browse/ZOOKEEPER-4278) which is included in 3.6.3, 3.7.1, and 3.8.0.





[GitHub] [kafka] ijuma commented on pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher

Posted by GitBox <gi...@apache.org>.
ijuma commented on pull request #10642:
URL: https://github.com/apache/kafka/pull/10642#issuecomment-833556749


   Also, we override the netty version, so I am not sure the ZK version needs to be bumped at all.





[GitHub] [kafka] ijuma commented on pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher

Posted by GitBox <gi...@apache.org>.
ijuma commented on pull request #10642:
URL: https://github.com/apache/kafka/pull/10642#issuecomment-833556259


   This is a major version bump and it requires some analysis on the impact. There is no 3.5.x release with this fix?

