Skip to content

ZOOKEEPER-4897 Upgrade Netty to 4.1.118.Final to fix CVE-2025-24970 #2226

Merged
cnauroth merged 2 commits intoapache:branch-3.9from
helloworld28:ZOOKEEPER-4897-2
Mar 11, 2025
Merged

ZOOKEEPER-4897 Upgrade Netty to 4.1.118.Final to fix CVE-2025-24970 #2226
cnauroth merged 2 commits intoapache:branch-3.9from
helloworld28:ZOOKEEPER-4897-2

Conversation

@helloworld28
Copy link
Contributor

@helloworld28 helloworld28 commented Feb 24, 2025

No description provided.

tisonkun
tisonkun approved these changes Feb 25, 2025
View reviewed changes
Copy link
Member

@tisonkun tisonkun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@tisonkun
Copy link
Member

tisonkun commented Feb 25, 2025

@helloworld28 I noticed that this patch is against branch-3.9. Shall we apply for master also?

@helloworld28
Copy link
Contributor Author

helloworld28 commented Feb 25, 2025

@helloworld28 I noticed that this patch is against branch-3.9. Shall we apply for master also?

OK, I will create another branch and PR for master, as current branch is based on branch-3.9, right?

@tisonkun
Copy link
Member

tisonkun commented Feb 25, 2025

Yes, correct.

@helloworld28
Copy link
Contributor Author

helloworld28 commented Feb 26, 2025

Yes, correct.
I have created another PR for master, could you help review it together? BTW, may I know when we will have a new version ?

@tisonkun
4.1.119 and license file
4c38795 
Signed-off-by: tison <wander4096@gmail.com>
@tisonkun tisonkun mentioned this pull request Mar 2, 2025
Merged
cnauroth
cnauroth approved these changes Mar 2, 2025
View reviewed changes
Copy link
Contributor

@cnauroth cnauroth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 on this backport too. Thanks all!

@zack-johnson5455
Copy link

zack-johnson5455 commented Mar 11, 2025

Any ETA on this PR getting merged and released? Running 3.9.3 and would love to able to avoid reports of this CVE

@cnauroth cnauroth merged commit d819760 into apache:branch-3.9 Mar 11, 2025
1 check failed
@cnauroth
Copy link
Contributor

cnauroth commented Mar 11, 2025

@zack-johnson5455 , thanks for the comment. I didn't realize this one was still waiting to get merged to branch-3.9. I have done that now.

There is no timeline established yet for a new 3.9 release. I recommend watching the dev@zookeeper.apache.org mailing list for updates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cnauroth cnauroth cnauroth approved these changes

@tisonkun tisonkun tisonkun approved these changes

@phunt phunt Awaiting requested review from phunt

@anmolnar anmolnar Awaiting requested review from anmolnar

@eolivelli eolivelli Awaiting requested review from eolivelli

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@helloworld28 @tisonkun @zack-johnson5455 @cnauroth