We have a zk server running 3.4.6 version, that is really problematic to
update, and currently we have the same zk client version which has
CVE-2017-5637 vulnerability and generates alerts of our automatic SEC
monitoring. We have really limited access to the server and can't update zk
version on both server and client. But we can update client only.
We will be able to perform some simple smoke testing of this set up, but I
would like to ask if anybody did it before, or is there a confidence that
this would work without problems.
I am reviewing currently the changes from 3.4.6 till 3.4.10, but of course I
can miss something.
Thanks in advance
Sent from: http://zookeeper-user.578899.n2.nabble.com/