[jira] [Commented] (ZOOKEEPER-4778) Patch jetty, netty, and logback to remove high severity vulnerabilities

Zili Chen (Jira) Thu, 08 Feb 2024 17:43:04 -0800


    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17815889#comment-17815889
 ]


Zili Chen commented on ZOOKEEPER-4778:
--------------------------------------

branch-3.7 via 
https://github.com/apache/zookeeper/commit/6a0e0ea09bae7d07d98b58a647d25afef2a8988f

Although we announced 3.7's EOL, it's possible to have a final release to 
publish all staged commits in branch-3.7. If it happens, it should be 3.7.3.

> Patch jetty, netty, and logback to remove high severity vulnerabilities
> -----------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4778
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4778
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: security
>            Reporter: Ivgeni
>            Assignee: Damien Diederen
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.10.0, 3.7.3, 3.8.4, 3.9.2
>
>   Original Estimate: 24h
>          Time Spent: 3.5h
>  Remaining Estimate: 20.5h
>
> logback-core & logback-classic:
> [https://nvd.nist.gov/vuln/detail/CVE-2023-6378]
> netty-codec:
> [https://nvd.nist.gov/vuln/detail/CVE-2023-44487]
> jetty-io:
> [https://nvd.nist.gov/vuln/detail/CVE-2023-36478]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (ZOOKEEPER-4778) Patch jetty, netty, and logback to remove high severity vulnerabilities

Reply via email to