Mate Szalay-Beko
Mate Szalay-Beko
Thank you @luke-sterkowicz for the contribution!! I re-triggered the CI, but don't worry about it (you were hitting a known flaky test, it is unrelated to your PR) > Introduce...
> shutdown will take slightly longer (in rare cases may be long enough for some people to consider it a regression) Thanks! I think this is a good reason to...
> I didn't add "New in X.x" info as I guess this is yet TBD. please add "New in 3.9.0" to this PR, as it was opened against the master...
sorry for the delay, I kind of forgot about this one, I can merge it :( @eolivelli - can I merge this or do we need an other test run...
yes, I agree to eliminate some of these CI jobs. I'll merge this PR now.
merge is done, thank you @madrob for your contribution! and for your patience ;)
> sorry,it should be CVE-2022-22965 actually CVE-2022-22965 is about Spring (and we don't use Spring in ZooKeeper). I think the CVE you are looking for is CVE-2022-24823. At lease when...
> this is the only CVE it finds and it is indeed fixed with netty update. hmm... but this PR is about jetty, not netty. So why do we want...
On the other hand we don't necessarily need a CVE to upgrade jetty I think. I just want to understand the reasoning.
Thank you @edwin092 , [CVE-2022-2048](https://github.com/advisories/GHSA-wgmr-mf83-7x4j) indeed looks scary and it does affect ZooKeeper. Unfortunately we need at least jetty 9.4.47 to fix it, so this PR in its current form...