Perfect, thanks Andor.
We will patch it ourselves.
Best,
Li
On Thu, Mar 14, 2024 at 1:11 PM Andor Molnar wrote:
> Hi Li,
>
> That's the right ticket.
>
> I've just updated the Jira ticket with the links to the commits.
> There's no PR since it was a security fix, but looks like we forgot

Hi Li,
That's the right ticket.
I've just updated the Jira ticket with the links to the commits.
There's no PR since it was a security fix, but looks like we forgot to
add it to the master branch.
Damien, would you please take care of that?
Btw, we don't plan to fix it in the 3.7 release line,

Thanks, Andor.
Do you have the PR link for the fix in 3.9.2 and 3.8.4? There is a
JIRA ticket in the release notes of 3.9.2 and 3.8.4, but the status is
still OPEN and there is no PR link there.
https://issues.apache.org/jira/browse/ZOOKEEPER-4799
We are in 3.7.2 and may need to patch it

Severity: critical
Affected versions:
- Apache ZooKeeper 3.9.0 through 3.9.1
- Apache ZooKeeper 3.8.0 through 3.8.3
- Apache ZooKeeper 3.6.0 through 3.7.2
Description:
Information disclosure in persistent watchers handling in Apache ZooKeeper due
to missing ACL check. It allows an attacker to

gendong1 created ZOOKEEPER-4816:
---
Summary: A follower can not join the cluster for 20s seconds
Key: ZOOKEEPER-4816
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4816
Project: ZooKeeper