You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by Code Monkey <co...@gmail.com> on 2021/09/13 01:33:40 UTC

CVE-2021-37136/37137

Hey Everyone!

     Just wanted to give everyone a heads up that I've opened
https://github.com/apache/zookeeper/pull/1753 to address an update for
io.netty:netty-codec
in zookeeper for the aforementioned vulnerabilities. As this is my first
time contributing to ZK (I did try to read the committing guidelines :D ),
would appreciate any feedback or help on getting this in to keep us all
just a bit more secure <3. Cheers!

                                    -CM

Re: CVE-2021-37136/37137

Posted by Ted Dunning <te...@gmail.com>.

Thanks for the contribution!

Btw... this tiny update is probably fine, but if you ever want to
contribute something more substantial, we will need to know who you are.
Your account name and signature give no real hint and we need to know where
the code in an Apache project comes from. As I mentioned, a bump on a
version number does much matter, but any serious amount of code is a
different thing.

On Sun, Sep 12, 2021 at 6:34 PM Code Monkey <co...@gmail.com> wrote:

> Hey Everyone!
>
>      Just wanted to give everyone a heads up that I've opened
> https://github.com/apache/zookeeper/pull/1753 to address an update for
> io.netty:netty-codec
> in zookeeper for the aforementioned vulnerabilities. As this is my first
> time contributing to ZK (I did try to read the committing guidelines :D ),
> would appreciate any feedback or help on getting this in to keep us all
> just a bit more secure <3. Cheers!
>
>                                     -CM
>