Bump. There is a new CVE in zookeeper before 3.7.2.
https://nvd.nist.gov/vuln/detail/CVE-2023-44981 I think maybe it is time for us to bump the zookeeper version now. Thanks. 张铎(Duo Zhang) <[email protected]> 于2023年3月16日周四 18:27写道: > > We only use Curator in hbase-examples IIRC, so it should be OK to upgrade it. > > For ZooKeeper, besides client server wire compatibility, we also need to > consider java compatibility. For example, different protobuf versions can > communicate with each other, but if you depend on protobuf 2.5 and 3.x in the > java project, you will be in trouble as the classes are different... > > So the question here is, if we upgrade ZooKeeper to 3.8.x, will it break > downstream users who are still on ZooKeeper 3.6.x or 3.7.x? > > Thanks. > > Villő Szűcs <[email protected]> 于2023年2月28日周二 22:33写道: >> >> Hi, >> I’d like to upgrade zookeeper in hbase (and in other components as well) to >> 3.8.1 version and curator to 5.4.0 version. >> It is useful since the current zookeeper version 3.5.7 is EOL and we should >> release HBASE 3 with the latest zookeeper to be on an active version. >> ZooKeeper clients from 3.5.x onwards are fully compatible with 3.8.x >> servers. ZooKeeper 3.8.x clients are compatible with 3.5.x, 3.6.x and 3.7.x >> servers as long as we are not using new APIs not present these versions. >> See ZooKeeper 3.8.0 Release Notes[1] for details. >> Curator 5.0 contains a few non-backward compatible/breaking changes from >> previous versions: https://curator.apache.org/breaking-changes.html, but >> these changes have no effect on hbase. See Curator Release Notes[2] for >> details. >> Do you have any suggestions? >> >> [1] https://zookeeper.apache.org/doc/r3.8.0/releasenotes.html >> [2] https://cwiki.apache.org/confluence/display/CURATOR/Releases
