[
https://issues.apache.org/jira/browse/ZOOKEEPER-5057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated ZOOKEEPER-5057:
--------------------------------------
Labels: pull-request-available (was: )
> Logback CVE vulnerabilities in zookeeper 3.9.5
> ----------------------------------------------
>
> Key: ZOOKEEPER-5057
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-5057
> Project: ZooKeeper
> Issue Type: Bug
> Components: security
> Affects Versions: 3.9.5
> Reporter: Badreddine Itani
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> We are installing Zookeeper 3.9.5 on a production server.
> Our security scan detected the following vulnerabilities:
> * [https://nvd.nist.gov/vuln/detail/CVE-2025-11226]
> * [https://nvd.nist.gov/vuln/detail/CVE-2026-1225]
> I will open a Pull request to upgrade the logback version from *'1.3.15'* to
> *'1.5.34'*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)