On 8 May 2015 at 09:46, Patrick Hunt <[email protected]> wrote: > There's a great post on Pager Duty today, > > http://www.pagerduty.com/blog/the-discovery-of-apache-zookeepers-poison-packet/ > some good comments on hackernews too > https://news.ycombinator.com/item?id=9509698 > > If I understand correctly bug1 is already fixed: > https://issues.apache.org/jira/browse/ZOOKEEPER-2146 > should be released in 3.4.7+ > > However bug2 > https://issues.apache.org/jira/browse/ZOOKEEPER-602 > is just in 3.5 and not 3.4.x. Note my push back in the comments on 602 re > risk vs reward. Evan makes a good case for including it. :-) > > We should also recommend that folks run with > -XX:-HeapDumpOnOutOfMemoryError > I would think. That should have caused the jvm to restart when bug1 was > hit. > > Thoughts? Hongchao can you confirm that 2146 fixes bug 1? >
While we are at the topic of bad input: https://issues.apache.org/jira/browse/ZOOKEEPER-2186. I have an internal patch for trunk, will back-port to 3.4 as well. -rgs
