(bookkeeper) 12/21: Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504 (#4523)

lhotari Wed, 16 Apr 2025 08:48:11 -0700

This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch branch-4.16
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git


commit 7cba2a665abc6b7568b4628aafb2d3f928620dfc
Author: Lari Hotari <lhot...@users.noreply.github.com>
AuthorDate: Wed Nov 13 15:29:25 2024 +0000

    Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504 (#4523)
    
    * Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504
    
    * Upgrade curator to 5.7.1
    
    (cherry picked from commit af8baa18ad9f5d079400f65d8f686a78bf93c393)
---
 bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt    | 14 +++++++-------
 bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt  | 14 +++++++-------
 bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 14 +++++++-------
 pom.xml                                                   |  4 ++--
 4 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt 
b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index b52d8cde66..5f0a35d2bb 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -261,9 +261,9 @@ Apache Software License, Version 2.
 - lib/org.apache.logging.log4j-log4j-slf4j-impl-2.18.0.jar [17]
 - lib/org.apache.commons-commons-collections4-4.1.jar [19]
 - lib/org.apache.commons-commons-lang3-3.6.jar [20]
-- lib/org.apache.zookeeper-zookeeper-3.8.3.jar [21]
-- lib/org.apache.zookeeper-zookeeper-jute-3.8.3.jar [21]
-- lib/org.apache.zookeeper-zookeeper-3.8.3-tests.jar [21]
+- lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21]
+- lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21]
+- lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21]
 - lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar [22]
 - lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar [22]
 - lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar [22]
@@ -296,9 +296,9 @@ Apache Software License, Version 2.
 - lib/io.grpc-grpc-testing-1.54.1.jar [33]
 - lib/io.grpc-grpc-xds-1.54.1.jar [33]
 - lib/io.grpc-grpc-rls-1.54.1.jar[33]
-- lib/org.apache.curator-curator-client-5.1.0.jar [34]
-- lib/org.apache.curator-curator-framework-5.1.0.jar [34]
-- lib/org.apache.curator-curator-recipes-5.1.0.jar [34]
+- lib/org.apache.curator-curator-client-5.7.1.jar [34]
+- lib/org.apache.curator-curator-framework-5.7.1.jar [34]
+- lib/org.apache.curator-curator-recipes-5.7.1.jar [34]
 - lib/com.google.errorprone-error_prone_annotations-2.9.0.jar [36]
 - lib/org.apache.yetus-audience-annotations-0.12.0.jar [37]
 - lib/org.jctools-jctools-core-2.1.2.jar [38]
@@ -351,7 +351,7 @@ Apache Software License, Version 2.
 [29] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1
 [30] Source available at 
https://github.com/census-instrumentation/opencensus-java/tree/v0.28.0
 [33] Source available at https://github.com/grpc/grpc-java/tree/v1.56.0
-[34] Source available at 
https://github.com/apache/curator/releases/tag/apache.curator-5.1.0
+[34] Source available at 
https://github.com/apache/curator/releases/tag/apache.curator-5.7.1
 [36] Source available at https://github.com/google/error-prone/tree/v2.9.0
 [37] Source available at https://github.com/apache/yetus/tree/rel/0.12.0
 [38] Source available at https://github.com/JCTools/JCTools/tree/v2.1.2
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt 
b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index b0db094e5b..cab6b3fc9a 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -242,9 +242,9 @@ Apache Software License, Version 2.
 - lib/org.apache.logging.log4j-log4j-slf4j-impl-2.18.0.jar [16]
 - lib/org.apache.commons-commons-collections4-4.1.jar [18]
 - lib/org.apache.commons-commons-lang3-3.6.jar [19]
-- lib/org.apache.zookeeper-zookeeper-3.8.3.jar [20]
-- lib/org.apache.zookeeper-zookeeper-jute-3.8.3.jar [20]
-- lib/org.apache.zookeeper-zookeeper-3.8.3-tests.jar [20]
+- lib/org.apache.zookeeper-zookeeper-3.9.3.jar [20]
+- lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [20]
+- lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [20]
 - lib/com.beust-jcommander-1.82.jar [23]
 - lib/net.jpountz.lz4-lz4-1.3.0.jar [25]
 - lib/com.google.api.grpc-proto-google-common-protos-2.9.0.jar [27]
@@ -267,9 +267,9 @@ Apache Software License, Version 2.
 - lib/io.grpc-grpc-testing-1.54.1.jar [32]
 - lib/io.grpc-grpc-xds-1.54.1.jar [32]
 - lib/io.grpc-grpc-rls-1.54.1.jar[32]
-- lib/org.apache.curator-curator-client-5.1.0.jar [33]
-- lib/org.apache.curator-curator-framework-5.1.0.jar [33]
-- lib/org.apache.curator-curator-recipes-5.1.0.jar [33]
+- lib/org.apache.curator-curator-client-5.7.1.jar [33]
+- lib/org.apache.curator-curator-framework-5.7.1.jar [33]
+- lib/org.apache.curator-curator-recipes-5.7.1.jar [33]
 - lib/com.google.errorprone-error_prone_annotations-2.9.0.jar [35]
 - lib/org.apache.yetus-audience-annotations-0.12.0.jar [36]
 - lib/org.jctools-jctools-core-2.1.2.jar [37]
@@ -310,7 +310,7 @@ Apache Software License, Version 2.
 [28] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1
 [29] Source available at 
https://github.com/census-instrumentation/opencensus-java/tree/v0.28.0
 [32] Source available at https://github.com/grpc/grpc-java/tree/v1.56.0
-[33] Source available at 
https://github.com/apache/curator/tree/apache-curator-5.1.0
+[33] Source available at 
https://github.com/apache/curator/tree/apache-curator-5.7.1
 [35] Source available at https://github.com/google/error-prone/tree/v2.9.0
 [36] Source available at https://github.com/apache/yetus/tree/rel/0.12.0
 [37] Source available at https://github.com/JCTools/JCTools/tree/v2.1.2
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt 
b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 0639101644..498ba5014d 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -261,9 +261,9 @@ Apache Software License, Version 2.
 - lib/org.apache.logging.log4j-log4j-slf4j-impl-2.18.0.jar [17]
 - lib/org.apache.commons-commons-collections4-4.1.jar [19]
 - lib/org.apache.commons-commons-lang3-3.6.jar [20]
-- lib/org.apache.zookeeper-zookeeper-3.8.3.jar [21]
-- lib/org.apache.zookeeper-zookeeper-jute-3.8.3.jar [21]
-- lib/org.apache.zookeeper-zookeeper-3.8.3-tests.jar [21]
+- lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21]
+- lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21]
+- lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21]
 - lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar [22]
 - lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar [22]
 - lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar [22]
@@ -296,9 +296,9 @@ Apache Software License, Version 2.
 - lib/io.grpc-grpc-testing-1.54.1.jar [33]
 - lib/io.grpc-grpc-xds-1.54.1.jar [33]
 - lib/io.grpc-grpc-rls-1.54.1.jar[33]
-- lib/org.apache.curator-curator-client-5.1.0.jar [34]
-- lib/org.apache.curator-curator-framework-5.1.0.jar [34]
-- lib/org.apache.curator-curator-recipes-5.1.0.jar [34]
+- lib/org.apache.curator-curator-client-5.7.1.jar [34]
+- lib/org.apache.curator-curator-framework-5.7.1.jar [34]
+- lib/org.apache.curator-curator-recipes-5.7.1.jar [34]
 - lib/com.google.errorprone-error_prone_annotations-2.9.0.jar [36]
 - lib/org.apache.yetus-audience-annotations-0.12.0.jar [37]
 - lib/org.jctools-jctools-core-2.1.2.jar [38]
@@ -347,7 +347,7 @@ Apache Software License, Version 2.
 [29] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1
 [30] Source available at 
https://github.com/census-instrumentation/opencensus-java/tree/v0.28.0
 [33] Source available at https://github.com/grpc/grpc-java/tree/v1.56.0
-[34] Source available at 
https://github.com/apache/curator/releases/tag/apache.curator-5.1.0
+[34] Source available at 
https://github.com/apache/curator/releases/tag/apache.curator-5.7.1
 [36] Source available at https://github.com/google/error-prone/tree/v2.9.0
 [37] Source available at https://github.com/apache/yetus/tree/rel/0.12.0
 [38] Source available at https://github.com/JCTools/JCTools/tree/v2.1.2
diff --git a/pom.xml b/pom.xml
index 6ec4c4c7cb..fc45653f95 100644
--- a/pom.xml
+++ b/pom.xml
@@ -127,7 +127,7 @@
     <commons-lang3.version>3.6</commons-lang3.version>
     <commons-io.version>2.7</commons-io.version>
     <bouncycastle.version>1.0.2.4</bouncycastle.version>
-    <curator.version>5.1.0</curator.version>
+    <curator.version>5.7.1</curator.version>
     <dropwizard.version>4.1.12.1</dropwizard.version>
     <jetcd.version>0.7.7</jetcd.version>
     <failsafe.version>3.2.2</failsafe.version>
@@ -175,7 +175,7 @@
     <javax-annotations-api.version>1.3.2</javax-annotations-api.version>
     <testcontainers.version>1.19.4</testcontainers.version>
     <vertx.version>4.5.7</vertx.version>
-    <zookeeper.version>3.8.3</zookeeper.version>
+    <zookeeper.version>3.9.3</zookeeper.version>
     <snappy.version>1.1.10.5</snappy.version>
     <jctools.version>2.1.2</jctools.version>
     <hppc.version>0.9.1</hppc.version>

(bookkeeper) 12/21: Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504 (#4523)

Reply via email to