Filed https://issues.apache.org/jira/browse/HBASE-28153.
If there are no objections, I will provide a PR there to upgrade the zookeeper version to 3.8.x on branch-2+. For branch-2.4, I prefer we just leave it as is because soon it will be EOL. For branch-2.5, I think it depends on the RM's opinion. Thanks. 张铎(Duo Zhang) <[email protected]> 于2023年10月12日周四 10:47写道: > > Bump. > > There is a new CVE in zookeeper before 3.7.2. > > https://nvd.nist.gov/vuln/detail/CVE-2023-44981 > > I think maybe it is time for us to bump the zookeeper version now. > > Thanks. > > 张铎(Duo Zhang) <[email protected]> 于2023年3月16日周四 18:27写道: > > > > We only use Curator in hbase-examples IIRC, so it should be OK to upgrade > > it. > > > > For ZooKeeper, besides client server wire compatibility, we also need to > > consider java compatibility. For example, different protobuf versions can > > communicate with each other, but if you depend on protobuf 2.5 and 3.x in > > the java project, you will be in trouble as the classes are different... > > > > So the question here is, if we upgrade ZooKeeper to 3.8.x, will it break > > downstream users who are still on ZooKeeper 3.6.x or 3.7.x? > > > > Thanks. > > > > Villő Szűcs <[email protected]> 于2023年2月28日周二 22:33写道: > >> > >> Hi, > >> I’d like to upgrade zookeeper in hbase (and in other components as well) to > >> 3.8.1 version and curator to 5.4.0 version. > >> It is useful since the current zookeeper version 3.5.7 is EOL and we should > >> release HBASE 3 with the latest zookeeper to be on an active version. > >> ZooKeeper clients from 3.5.x onwards are fully compatible with 3.8.x > >> servers. ZooKeeper 3.8.x clients are compatible with 3.5.x, 3.6.x and 3.7.x > >> servers as long as we are not using new APIs not present these versions. > >> See ZooKeeper 3.8.0 Release Notes[1] for details. > >> Curator 5.0 contains a few non-backward compatible/breaking changes from > >> previous versions: https://curator.apache.org/breaking-changes.html, but > >> these changes have no effect on hbase. See Curator Release Notes[2] for > >> details. > >> Do you have any suggestions? > >> > >> [1] https://zookeeper.apache.org/doc/r3.8.0/releasenotes.html > >> [2] https://cwiki.apache.org/confluence/display/CURATOR/Releases
