vert-x3 / vertx-zookeeper

Zookeeper based cluster manager implementation

Upgrade to Curator 5.4 and Zookeeper 3.7 #124

Closed neterium closed 1 year ago

neterium commented 2 years ago

Hi,

Our vulnerability scans indicate that there is a vulnerability with Apache ZooKeeper 3.5.9:

https://nvd.nist.gov/vuln/detail/CVE-2021-21295

Maybe it would be wise to migrate to a newer version of Apache Curator? This will also align your Netty dependency with recent builds...

Regards, Thomas

vietj commented 2 years ago

agreed

neterium commented 1 year ago

Any update? The latest stable release is now much ahead of vertx's one :( See: ZooKeeper releases, even version 3.6.x is now EoL...

tsegismont commented 1 year ago

Not yet

tsegismont commented 1 year ago

Would you like to contribute the upgrade?

neterium commented 1 year ago

I can't, unfortunately, but we have been using ZK 3.7 without any issue for months now, knowing that we only use a subset of all the possibilities of the vertx cluster, of course. I thought that you "only" had to update curator and pass through your non-regression?

tsegismont commented 1 year ago

You could start a PR with just that update and we'll see what happens.

vmorsiani commented 1 year ago

Hi,

You'll find the PR linked to this issue. As for the modifications, I upgraded curator to the latest version and zookeeper to the latest "stable" release.

I also had to upgrade junit and add junit-vintage for backward compatibility due to the fact that curator-test is relying on junit 5.x.

tsegismont commented 1 year ago

Thank you @vmorsiani, I'll review it ASAP.