[
https://issues.apache.org/jira/browse/ZOOKEEPER-5057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andor Molnar reassigned ZOOKEEPER-5057:
---------------------------------------
Assignee: Badreddine Itani
> Logback CVE vulnerabilities in zookeeper 3.9.5
> ----------------------------------------------
>
> Key: ZOOKEEPER-5057
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-5057
> Project: ZooKeeper
> Issue Type: Bug
> Components: security
> Affects Versions: 3.9.5
> Reporter: Badreddine Itani
> Assignee: Badreddine Itani
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.10.0, 3.8.7, 3.9.6
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> We are installing Zookeeper 3.9.5 on a production server.
> Our security scan detected the following vulnerabilities:
> * [https://nvd.nist.gov/vuln/detail/CVE-2025-11226]
> * [https://nvd.nist.gov/vuln/detail/CVE-2026-1225]
> I will open a Pull request to upgrade the logback version from *'1.3.15'* to
> *'1.5.34'*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)