Hi, Do you wait for 3.10.0 and you can upgrade to this version, or you need a patch version for other maintained series?
Best, tison. Christopher <ctubb...@apache.org> 于2024年7月5日周五 11:13写道: > I don't know the answer, but I wouldn't think that issue is important > enough to warrant a change in release plans. It's not a bug in ZooKeeper, > but a dependency that has a very high degree of compatibility with other > versions of that dependency. You can easily work around the issue > downstream by simply swapping in the updated version of logback in your > installation's class path. > > On Fri, Jul 5, 2024, 13:02 Deepika Kumaravel <deepikakumara...@gmail.com> > wrote: > > > Hi Team , > > > > In one of our Zookeeper Service there is a CVE -ZOOKEEPER-LogBack-Issue > > <https://nvd.nist.gov/vuln/detail/CVE-2023-6378> for LogBack Version > with > > high priority .Have seen the fix is already available in Zookeeper PR - > > Fix_for_CVE <https://github.com/apache/zookeeper/pull/2159> in master > > Branch and we are waiting for the next release.Can you please let us know > > the tentative date of next release update ? > > We will plan accordingly for the fix in our applications > > > > > > Thanks! > > >
