[ https://issues.apache.org/jira/browse/ZOOKEEPER-4762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andor Molnar resolved ZOOKEEPER-4762. ------------------------------------- Resolution: Fixed > Update netty jars to 4.1.99+ to fix CVE-2023-4586 > ------------------------------------------------- > > Key: ZOOKEEPER-4762 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4762 > Project: ZooKeeper > Issue Type: Bug > Affects Versions: 3.8.3 > Reporter: Dhoka Pramod > Priority: Critical > Fix For: 3.8.4 > > > [https://nvd.nist.gov/vuln/detail/CVE-2023-4586] > A vulnerability was found in the Hot Rod client. This security issue occurs > as the Hot Rod client does not enable hostname validation when using TLS, > possibly resulting in a man-in-the-middle (MITM) attack. -- This message was sent by Atlassian Jira (v8.20.10#820010)