ZOOKEEPER-4602 : Upgrade reload4j due to XXE vulnerability

Open AnanyaSingh2121 opened this issue 3 years ago • 1 comments

AnanyaSingh2121 avatar Jul 31 '22 15:07 AnanyaSingh2121

lgtm (non-binding). Can you please update for branch-3.7 also?

brahmareddybattula avatar Aug 08 '22 10:08 brahmareddybattula

Updated for branch-3.7 also: https://github.com/apache/zookeeper/pull/1914

AnanyaSingh2121 avatar Aug 14 '22 05:08 AnanyaSingh2121

lgtm.

Has it been upgraded on the master branch yet?

No, because we use logback on master/3.8. Sorry, ignore my comment. Though you don't need to create pull requests for every single branch. The patch is trivial, it should be easily backported by the merge script.

anmolnar avatar Aug 15 '22 16:08 anmolnar

If there are no other concerns, I'll merge it this weekend (09-03).

maoling avatar Sep 02 '22 11:09 maoling

@AnanyaSingh2121 can you please send the same patch for master branch and branch-3.8?

I didn't see that the patch targeted branch-3.6. We must apply this fix to all active branches.

eolivelli avatar Sep 02 '22 14:09 eolivelli

Sorry, I missed @anmolnar's comment. Since 3.8 we are already good as we are on logback.

eolivelli avatar Sep 02 '22 14:09 eolivelli