Upgrade Zookeeper to 3.8.3 to address CVE-2023-44981 #4112

lhotari · 2023-10-19T05:59:30Z

OWASP dependency check reports CVE-2023-44981 for Zookeeper.

Upgrade Zookeeper to 3.8.3.
Release notes: https://zookeeper.apache.org/doc/r3.8.3/releasenotes.html
Also upgrade snappy-java to 1.1.10.5 since Zookeeper depends on that library.

- also upgrade snappy-java that Zookeeper depends on

### Motivation OWASP dependency check reports CVE-2023-44981 for Zookeeper. ### Changes Upgrade Zookeeper to 3.8.3. Release notes: https://zookeeper.apache.org/doc/r3.8.3/releasenotes.html Also upgrade snappy-java to 1.1.10.5 since Zookeeper depends on that library.

### Motivation OWASP dependency check reports CVE-2023-44981 for Zookeeper. ### Changes Upgrade Zookeeper to 3.8.3. Release notes: https://zookeeper.apache.org/doc/r3.8.3/releasenotes.html Also upgrade snappy-java to 1.1.10.5 since Zookeeper depends on that library. (cherry picked from commit b33a0c9)

Upgrade Zookeeper to 3.8.3 to address CVE-2023-44981

a6833a5

- also upgrade snappy-java that Zookeeper depends on

lhotari force-pushed the lh-upgrade-zookeeper-3.8.3 branch from 40fc0f4 to a6833a5 Compare October 19, 2023 06:01

hangc0276 approved these changes Oct 19, 2023

View reviewed changes

hangc0276 requested review from eolivelli, shoothzj and zymap October 19, 2023 06:28

hangc0276 assigned lhotari Oct 19, 2023

hangc0276 added the dependencies Pull requests that update a dependency file label Oct 19, 2023

hangc0276 added this to the 4.17.0 milestone Oct 19, 2023

hangc0276 added the release/4.16.4 label Oct 19, 2023

zymap approved these changes Oct 20, 2023

View reviewed changes

hangc0276 mentioned this pull request Oct 23, 2023

Bump org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.4 #4088

Closed

hangc0276 merged commit b33a0c9 into apache:master Oct 23, 2023
16 checks passed

hangc0276 added the cherry-picked/branch-4.16 label Jan 18, 2024

Provide feedback