Fixed issues in ZooKeeper
This section lists the issues that have been fixed since the previous version.
- CDPD-10091: Upgrade jackson-databind to version 2.9.10.4 to resolve multiple CVEs
-
Upgraded Jackson Databind to 2.9.10.4 to address to following CVEs: CVE-2020-9547, CVE-2020-11111, CVE-2020-10672, CVE-2020-10969, CVE-2020-11112, CVE-2020-9548, CVE-2020-9546, CVE-2020-10968, CVE-2020-10673, CVE-2020-11113.
- CDPD-10532: Update Log4j to address CVE-2019-17571
-
Replaced log4j with an internal version to fix CVE-2019-17571.
- CDPD-7723: ZooKeeper - Upgrade to Jetty 9.4.26 to avoid CVEs
- ZooKeeper now uses Jetty 9.4.26, which addresses the following CVEs: CVE‑2017‑7656, CVE‑2017‑7657,CVE‑2017‑7658, CVE‑2018‑12536, CVE‑2017‑9735, CVE‑2019‑10247.