I don't know the answer, but I wouldn't think that issue is important enough to warrant a change in release plans. It's not a bug in ZooKeeper, but a dependency that has a very high degree of compatibility with other versions of that dependency. You can easily work around the issue downstream by simply swapping in the updated version of logback in your installation's class path.
On Fri, Jul 5, 2024, 13:02 Deepika Kumaravel <deepikakumara...@gmail.com> wrote: > Hi Team , > > In one of our Zookeeper Service there is a CVE -ZOOKEEPER-LogBack-Issue > <https://nvd.nist.gov/vuln/detail/CVE-2023-6378> for LogBack Version with > high priority .Have seen the fix is already available in Zookeeper PR - > Fix_for_CVE <https://github.com/apache/zookeeper/pull/2159> in master > Branch and we are waiting for the next release.Can you please let us know > the tentative date of next release update ? > We will plan accordingly for the fix in our applications > > > Thanks! >
