Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-2798

Upgrade Zookeeper version due to CVE-2016-5017

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Critical
    • Resolution: Not A Problem
    • 1.0.0, 0.7.0
    • None
    • Core Framework

    Description

      The currently used version of Zookeeper 3.4.6 is subject to a buffer overflow attack using the C command-line interface (documented as CVE-2016-5017 [1]). Version 3.4.9 patches this issue. In nifi/pom.xml, this version number should be updated, and basic compatibility/smoke tests should be run to ensure no new issues are introduced by the version increment.

      [1] https://zookeeper.apache.org/security.html#CVE-2016-5017

      Attachments

        Activity

          People

            Unassigned Unassigned
            alopresto Andy LoPresto
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 4h
                4h
                Remaining:
                Remaining Estimate - 4h
                4h
                Logged:
                Time Spent - Not Specified
                Not Specified