This is an automated email from the ASF dual-hosted git repository.
symat pushed a commit to branch branch-3.6
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.6 by this push:
new 5f406645f prepare release notes for ZooKeeper 3.6.4
5f406645f is described below
commit 5f406645faee4a378826a24ca218c04002374291
Author: Mate Szalay-Beko <[email protected]>
AuthorDate: Wed Dec 14 15:22:34 2022 +0100
prepare release notes for ZooKeeper 3.6.4
---
.../src/main/resources/markdown/releasenotes.md | 108 +++++++++------------
1 file changed, 45 insertions(+), 63 deletions(-)
diff --git a/zookeeper-docs/src/main/resources/markdown/releasenotes.md
b/zookeeper-docs/src/main/resources/markdown/releasenotes.md
index 8c8ead103..541a8cbbd 100644
--- a/zookeeper-docs/src/main/resources/markdown/releasenotes.md
+++ b/zookeeper-docs/src/main/resources/markdown/releasenotes.md
@@ -14,74 +14,56 @@ See the License for the specific language governing
permissions and
limitations under the License.
//-->
-
-
-# Release Notes - ZooKeeper - Version 3.6.3
-
+# Release Notes - ZooKeeper - Version 3.6.4
+
## Bug
-* [ZOOKEEPER-2307](https://issues.apache.org/jira/browse/ZOOKEEPER-2307) -
ZooKeeper not starting because acceptedEpoch is less than the currentEpoch
-* [ZOOKEEPER-3128](https://issues.apache.org/jira/browse/ZOOKEEPER-3128) - Get
CLI Command displays Authentication error for Authorization error
-* [ZOOKEEPER-3877](https://issues.apache.org/jira/browse/ZOOKEEPER-3877) - JMX
Bean RemotePeerBean should enclose IPV6 host in square bracket same as
LocalPeerBean
-* [ZOOKEEPER-3887](https://issues.apache.org/jira/browse/ZOOKEEPER-3887) - In
SSL-only server zkServer.sh status command should use secureClientPortAddress
instead of clientPortAddress
-* [ZOOKEEPER-3911](https://issues.apache.org/jira/browse/ZOOKEEPER-3911) -
Data inconsistency caused by DIFF sync uncommitted log
-* [ZOOKEEPER-3931](https://issues.apache.org/jira/browse/ZOOKEEPER-3931) -
"zkServer.sh version" returns a trailing dash
-* [ZOOKEEPER-3954](https://issues.apache.org/jira/browse/ZOOKEEPER-3954) - use
of uninitialized data in
zookeeper-client/zookeeper-client-c/src/zookeeper.c:free_auth_completion
-* [ZOOKEEPER-3955](https://issues.apache.org/jira/browse/ZOOKEEPER-3955) -
added a shebang or a 'shell' directive to lastRevision.sh
-* [ZOOKEEPER-3983](https://issues.apache.org/jira/browse/ZOOKEEPER-3983) - C
client test suite hangs forever 'sss' is configured in /etc/nsswitch.conf
-* [ZOOKEEPER-3991](https://issues.apache.org/jira/browse/ZOOKEEPER-3991) -
QuorumCnxManager Listener port bind retry does not retry DNS lookup
-* [ZOOKEEPER-3992](https://issues.apache.org/jira/browse/ZOOKEEPER-3992) -
addWatch api should check the null watch
-* [ZOOKEEPER-4011](https://issues.apache.org/jira/browse/ZOOKEEPER-4011) -
Maven build fails on branch-3.6 because of jUnit 5 usage in
DIFFSyncConsistencyTest
-* [ZOOKEEPER-4045](https://issues.apache.org/jira/browse/ZOOKEEPER-4045) -
CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
-* [ZOOKEEPER-4055](https://issues.apache.org/jira/browse/ZOOKEEPER-4055) -
Dockerfile can't build Zookeeper C client library
-* [ZOOKEEPER-4194](https://issues.apache.org/jira/browse/ZOOKEEPER-4194) -
ZooInspector throws NullPointerExceptions to console when node data is null
-* [ZOOKEEPER-4205](https://issues.apache.org/jira/browse/ZOOKEEPER-4205) -
Test fails when port 8080 is in use
-* [ZOOKEEPER-4207](https://issues.apache.org/jira/browse/ZOOKEEPER-4207) - New
CI pipeline checks out master in branch builds too
-* [ZOOKEEPER-4220](https://issues.apache.org/jira/browse/ZOOKEEPER-4220) -
Potential redundant connection attempts during leader election
-* [ZOOKEEPER-4222](https://issues.apache.org/jira/browse/ZOOKEEPER-4222) -
Backport ZOOKEEPER-2307 to branch-3.6
-* [ZOOKEEPER-4223](https://issues.apache.org/jira/browse/ZOOKEEPER-4223) -
Backport ZOOKEEPER-3706 to branch-3.6
-* [ZOOKEEPER-4224](https://issues.apache.org/jira/browse/ZOOKEEPER-4224) -
Backport ZOOKEEPER-3891 to branch-3.6
-* [ZOOKEEPER-4225](https://issues.apache.org/jira/browse/ZOOKEEPER-4225) -
Backport ZOOKEEPER-3642 to branch-3.6
-* [ZOOKEEPER-4227](https://issues.apache.org/jira/browse/ZOOKEEPER-4227) -
X509AuthFailureTest is failing consistently
-* [ZOOKEEPER-4230](https://issues.apache.org/jira/browse/ZOOKEEPER-4230) - Use
dynamic temp folder instead of static temp folder in RestMain
-* [ZOOKEEPER-4232](https://issues.apache.org/jira/browse/ZOOKEEPER-4232) -
InvalidSnapshotTest corrupts its own test data
-* [ZOOKEEPER-4260](https://issues.apache.org/jira/browse/ZOOKEEPER-4260) -
Backport ZOOKEEPER-3575 to branch-3.6
-* [ZOOKEEPER-4267](https://issues.apache.org/jira/browse/ZOOKEEPER-4267) - Fix
check-style issues
-* [ZOOKEEPER-4269](https://issues.apache.org/jira/browse/ZOOKEEPER-4269) -
acceptedEpoch.tmp rename failure will cause server startup error
-* [ZOOKEEPER-4272](https://issues.apache.org/jira/browse/ZOOKEEPER-4272) -
Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295
-* [ZOOKEEPER-4277](https://issues.apache.org/jira/browse/ZOOKEEPER-4277) -
dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165
-* [ZOOKEEPER-4278](https://issues.apache.org/jira/browse/ZOOKEEPER-4278) -
dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
+* [ZOOKEEPER-1875](https://issues.apache.org/jira/browse/ZOOKEEPER-1875) -
NullPointerException in ClientCnxn$EventThread.processEvent
+* [ZOOKEEPER-3652](https://issues.apache.org/jira/browse/ZOOKEEPER-3652) -
Improper synchronization in ClientCnxn
+* [ZOOKEEPER-3781](https://issues.apache.org/jira/browse/ZOOKEEPER-3781) -
Zookeeper 3.5.7 not creating snapshot
+* [ZOOKEEPER-3988](https://issues.apache.org/jira/browse/ZOOKEEPER-3988) -
org.apache.zookeeper.server.NettyServerCnxn.receiveMessage throws
NullPointerException
+* [ZOOKEEPER-4247](https://issues.apache.org/jira/browse/ZOOKEEPER-4247) - NPE
while processing message from restarted quorum member
+* [ZOOKEEPER-4275](https://issues.apache.org/jira/browse/ZOOKEEPER-4275) -
Slowness in sasl login or subject.doAs() causes zk client to falsely assume
that the server did not respond, closes connection and goes to unnecessary
retries
+* [ZOOKEEPER-4331](https://issues.apache.org/jira/browse/ZOOKEEPER-4331) -
zookeeper artifact is not compatible with OSGi runtime
+* [ZOOKEEPER-4345](https://issues.apache.org/jira/browse/ZOOKEEPER-4345) -
Avoid NoSunchMethodException caused by shaded zookeeper jar
+* [ZOOKEEPER-4360](https://issues.apache.org/jira/browse/ZOOKEEPER-4360) -
Avoid NPE during metrics execution if the leader is not set on a FOLLOWER node
+* [ZOOKEEPER-4362](https://issues.apache.org/jira/browse/ZOOKEEPER-4362) -
ZKDatabase.txnCount logged non transactional requests
+* [ZOOKEEPER-4445](https://issues.apache.org/jira/browse/ZOOKEEPER-4445) -
branch-3.6 txnLogCountTest use wrong version of Junit Assert import
+* [ZOOKEEPER-4446](https://issues.apache.org/jira/browse/ZOOKEEPER-4446) -
branch-3.6 txnLogCountTest use wrong version of Junit Assert import
+* [ZOOKEEPER-4452](https://issues.apache.org/jira/browse/ZOOKEEPER-4452) -
Log4j 1.X CVE-2022-23302/5/7 vulnerabilities
+* [ZOOKEEPER-4477](https://issues.apache.org/jira/browse/ZOOKEEPER-4477) -
Single Kerberos ticket renewal failure can prevent all future renewals since
Java 9
+* [ZOOKEEPER-4504](https://issues.apache.org/jira/browse/ZOOKEEPER-4504) -
ZKUtil#deleteRecursive causing deadlock in HDFS HA functionality
+* [ZOOKEEPER-4505](https://issues.apache.org/jira/browse/ZOOKEEPER-4505) -
CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
+* [ZOOKEEPER-4514](https://issues.apache.org/jira/browse/ZOOKEEPER-4514) -
ClientCnxnSocketNetty throwing NPE
+* [ZOOKEEPER-4515](https://issues.apache.org/jira/browse/ZOOKEEPER-4515) - ZK
Cli quit command always logs error
+* [ZOOKEEPER-4516](https://issues.apache.org/jira/browse/ZOOKEEPER-4516) -
checkstyle:check is failing
+* [ZOOKEEPER-4537](https://issues.apache.org/jira/browse/ZOOKEEPER-4537) -
Race between SyncThread and CommitProcessor thread
+
## Improvement
-* [ZOOKEEPER-1871](https://issues.apache.org/jira/browse/ZOOKEEPER-1871) - Add
an option to zkCli to wait for connection before executing commands
-* [ZOOKEEPER-3671](https://issues.apache.org/jira/browse/ZOOKEEPER-3671) - Use
ThreadLocalConcurrent to Replace Random and Math.random
-* [ZOOKEEPER-3808](https://issues.apache.org/jira/browse/ZOOKEEPER-3808) -
correct the documentation about digest.enabled
-* [ZOOKEEPER-3858](https://issues.apache.org/jira/browse/ZOOKEEPER-3858) - Add
metrics to track server unavailable time
-* [ZOOKEEPER-3935](https://issues.apache.org/jira/browse/ZOOKEEPER-3935) -
Handle float metrics in check_zookeeper
-* [ZOOKEEPER-3950](https://issues.apache.org/jira/browse/ZOOKEEPER-3950) - Add
support for BCFKS key/trust store format
-* [ZOOKEEPER-3952](https://issues.apache.org/jira/browse/ZOOKEEPER-3952) -
Remove commons-lang from ZooKeeper
-* [ZOOKEEPER-3960](https://issues.apache.org/jira/browse/ZOOKEEPER-3960) -
Update ZooKeeper client documentation about key file format parameters
-* [ZOOKEEPER-3978](https://issues.apache.org/jira/browse/ZOOKEEPER-3978) -
Adding additional security metrics to zookeeper
-* [ZOOKEEPER-4209](https://issues.apache.org/jira/browse/ZOOKEEPER-4209) -
Update Netty version to 4.1.53.Final on 3.5 branch
-* [ZOOKEEPER-4231](https://issues.apache.org/jira/browse/ZOOKEEPER-4231) - Add
document for snapshot compression config
-* [ZOOKEEPER-4259](https://issues.apache.org/jira/browse/ZOOKEEPER-4259) -
Allow AdminServer to force https
-
-## Task
-
-* [ZOOKEEPER-3957](https://issues.apache.org/jira/browse/ZOOKEEPER-3957) -
Create Owasp check build on new Jenkins instance
-* [ZOOKEEPER-3980](https://issues.apache.org/jira/browse/ZOOKEEPER-3980) - Fix
Jenkinsfiles with new tool names
-* [ZOOKEEPER-3981](https://issues.apache.org/jira/browse/ZOOKEEPER-3981) -
Flaky test MultipleAddressTest::testGetValidAddressWithNotValid
-* [ZOOKEEPER-4017](https://issues.apache.org/jira/browse/ZOOKEEPER-4017) -
Owasp check failing - Jetty 9.4.32 - CVE-2020-27216
-* [ZOOKEEPER-4023](https://issues.apache.org/jira/browse/ZOOKEEPER-4023) -
dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218
-* [ZOOKEEPER-4056](https://issues.apache.org/jira/browse/ZOOKEEPER-4056) -
Update copyright notices from 2020 to 2021
-* [ZOOKEEPER-4233](https://issues.apache.org/jira/browse/ZOOKEEPER-4233) -
dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-2722
-
-## Sub-task
-
-* [ZOOKEEPER-4251](https://issues.apache.org/jira/browse/ZOOKEEPER-4251) -
Flaky test: org.apache.zookeeper.test.WatcherTest
-* [ZOOKEEPER-4270](https://issues.apache.org/jira/browse/ZOOKEEPER-4270) -
Flaky test: QuorumPeerMainTest#testLeaderOutOfView
-
+* [ZOOKEEPER-4382](https://issues.apache.org/jira/browse/ZOOKEEPER-4382) -
Update Maven Bundle Plugin in order to allow builds on JDK18
+* [ZOOKEEPER-4455](https://issues.apache.org/jira/browse/ZOOKEEPER-4455) -
Move to https://reload4j.qos.ch/ (remove log4j1)
+* [ZOOKEEPER-4462](https://issues.apache.org/jira/browse/ZOOKEEPER-4462) -
Upgrade Netty TCNative to 2.0.48
+* [ZOOKEEPER-4468](https://issues.apache.org/jira/browse/ZOOKEEPER-4468) -
Backport BCFKS key/trust store format support to branch 3.5
+* [ZOOKEEPER-4529](https://issues.apache.org/jira/browse/ZOOKEEPER-4529) -
Upgrade netty to 4.1.76.Final
+* [ZOOKEEPER-4531](https://issues.apache.org/jira/browse/ZOOKEEPER-4531) -
Revert Netty TCNative change
+* [ZOOKEEPER-4551](https://issues.apache.org/jira/browse/ZOOKEEPER-4551) - Do
not log spammy stacktrace when a client closes its connection
+* [ZOOKEEPER-4602](https://issues.apache.org/jira/browse/ZOOKEEPER-4602) -
Upgrade reload4j due to XXE vulnerability
+
+## Task
+* [ZOOKEEPER-4315](https://issues.apache.org/jira/browse/ZOOKEEPER-4315) - Fix
NOTICE file in the source distribution
+* [ZOOKEEPER-4337](https://issues.apache.org/jira/browse/ZOOKEEPER-4337) -
CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0
+* [ZOOKEEPER-4414](https://issues.apache.org/jira/browse/ZOOKEEPER-4414) -
Update Netty to 4.1.70.Final
+* [ZOOKEEPER-4429](https://issues.apache.org/jira/browse/ZOOKEEPER-4429) -
Update jackson-databind to 2.13.1
+* [ZOOKEEPER-4454](https://issues.apache.org/jira/browse/ZOOKEEPER-4454) -
Upgrade Netty to 4.1.73
+* [ZOOKEEPER-4469](https://issues.apache.org/jira/browse/ZOOKEEPER-4469) -
Suppress OWASP false positives related to Netty TCNative
+* [ZOOKEEPER-4478](https://issues.apache.org/jira/browse/ZOOKEEPER-4478) -
Suppress OWASP false positives zookeeper-jute-3.8.0-SNAPSHOT.jar:
CVE-2021-29425, CVE-2021-28164, CVE-2021-34429
+* [ZOOKEEPER-4510](https://issues.apache.org/jira/browse/ZOOKEEPER-4510) -
dependency-check:check failing - reload4j-1.2.19.jar: CVE-2020-9493,
CVE-2022-23307
+* [ZOOKEEPER-4644](https://issues.apache.org/jira/browse/ZOOKEEPER-4644) -
Update 3rd party library versions before release 3.6.4
+* [ZOOKEEPER-4645](https://issues.apache.org/jira/browse/ZOOKEEPER-4645) -
Backport ZOOKEEPER-3941 (commons-cli upgrade) to branch-3.6
+* [ZOOKEEPER-4649](https://issues.apache.org/jira/browse/ZOOKEEPER-4649) -
Upgrade netty to 4.1.86 because of CVE-2022-41915
+* [ZOOKEEPER-4651](https://issues.apache.org/jira/browse/ZOOKEEPER-4651) - Fix
checkstyle problems on branch-3.6
