Hi team,
I have a zk cluster with three nodes with zk version 3.5.5.
zoo.cfg looks like this, with an exception that server.61 has an additional line
extendedTypesEnabled=true:
maxClientCnxns=300
reconfigEnabled=false
4lw.commands.whitelist=*
snapCount=50
initLimit=10
syncLimit=5
Severity: critical
Affected versions:
- Apache ZooKeeper 3.9.0
- Apache ZooKeeper 3.8.0 through 3.8.2
- Apache ZooKeeper 3.7.0 through 3.7.1
- Apache ZooKeeper before 3.7.0
Description:
Authorization Bypass Through User-Controlled Key vulnerability in Apache
ZooKeeper. If SASL Quorum Peer
The last time I heard of a discussion along these lines, such an API was
frowned upon a bit because it is susceptible to having a very large amount
of returned data and thus having a strong potential for causing
disruption for other uses, particularly if the entire returned result has
to be
Dhoka Pramod created ZOOKEEPER-4758:
---
Summary: Upgrade snappy-java to 1.1.10.4 to fix CVE-2023-43642
Key: ZOOKEEPER-4758
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4758
Project: ZooKeeper