Ben,

On Thu 5 Jan 2023, 20:45 Ben Johnston <ben.johns...@cofense.com.invalid> wrote:
> Hello,
>
> I am an app sec engineer for a company who uses Zookeeper. I would like to
> join the slack as a guest to get some visibility on the release process,

We are not using slack for communication about those things.
There is a global ASF slack space, usually open only to committers + guests, and we have a zookeeper channel. But it is only meant for informal quick chats, like pinging someone for review.

Discussions happen here on dev@ and if you want to report a new issue you have to use security@zookeeper.apache.org that is a private list.

> especially as it relates to updating library versions to fix CVEs. My team
> is tracking several CVEs
>
> CVE-2022-42003/4
> CVE-2020-36518
> CVE-2022-41915
>
> We’re on the 3.8 version. Thanks!
>

Those CVEs are about library upgrades.
Can you please double check if we already upgraded those libraries?
I think that it would only be a matter of cutting a release.
It has been quite some time since we cut a release out of the 3.8 branch.
We can do it.

Jackson is usually easily upgradable and Netty requires only some testing.

If you can't wait for a release you could upgrade those libraries and build your package.

Thanks
Enrico

> *Ben Johnston, GCIH, GCFA, GPEN*
>
> Application Security Engineer
>
> *COFENSE*
>
> *o.* 785-250-4412
>
> *e.* ben.johns...@cofense.com