Details
- Task
- Status: Resolved
- Critical
- Resolution: Not A Problem
- 1.0.0, 0.7.0
- None
Description
The currently used version of ZooKeeper 3.4.6 is subject to a buffer overflow attack using the C command-line interface (documented as CVE-2016-5017 [1]). Version 3.4.9 patches this issue. In nifi/pom.xml, this version number should be updated, and basic compatibility/smoke tests should be run to ensure no new issues are introduced by the version increment.
[1] https://zookeeper.apache.org/security.html#CVE-2016-5017
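
As an added example (not NiFi project code), one way to check which ZooKeeper version a POM declares against the 3.4.9 fix version named in the description. The sample POM, the `zookeeper.version` property name and all function names are constructed for illustration, and the POM is assumed to use the standard Maven 4.0.0 namespace.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
FIXED = (3, 4, 9)  # release the ticket names as patching CVE-2016-5017

# Constructed sample; the real nifi/pom.xml layout is not shown on this page.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><zookeeper.version>3.4.6</zookeeper.version></properties>
  <dependencyManagement><dependencies>
    <dependency>
      <groupId>org.apache.zookeeper</groupId>
      <artifactId>zookeeper</artifactId>
      <version>${zookeeper.version}</version>
    </dependency>
  </dependencies></dependencyManagement>
</project>"""

def parse_version(text):
    """Turn '3.4.6' or '3.4.9-beta' into a comparable tuple of ints."""
    return tuple(int(p) for p in text.split("-", 1)[0].split("."))

def zookeeper_versions(pom_xml):
    """Return each declared org.apache.zookeeper:zookeeper version, properties resolved."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}", 1)[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    found = []
    for dep in root.iter("{%s}dependency" % NS["m"]):
        if (dep.findtext("m:groupId", "", NS).strip() == "org.apache.zookeeper"
                and dep.findtext("m:artifactId", "", NS).strip() == "zookeeper"):
            raw = dep.findtext("m:version", "", NS).strip()
            if raw.startswith("${") and raw.endswith("}"):
                raw = props.get(raw[2:-1], raw)  # keep placeholder if undefined
            if raw:
                found.append(raw)
    return found

def below_fixed(pom_xml):
    """List declared versions older than FIXED, plus any that cannot be parsed."""
    flagged = []
    for v in zookeeper_versions(pom_xml):
        try:
            old = parse_version(v) < FIXED
        except ValueError:
            old = True  # unresolved property or odd format: needs a human look
        if old:
            flagged.append(v)
    return flagged

if __name__ == "__main__":
    print(below_fixed(SAMPLE_POM))
```
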