Release Notes - ZooKeeper - Version 3.6.4

Bug

• ZOOKEEPER-1875 - NullPointerException in ClientCnxn$EventThread.processEvent
• ZOOKEEPER-3652 - Improper synchronization in ClientCnxn
• ZOOKEEPER-3781 - Zookeeper 3.5.7 not creating snapshot
• ZOOKEEPER-3988 - org.apache.zookeeper.server.NettyServerCnxn.receiveMessage throws NullPointerException
• ZOOKEEPER-4247 - NPE while processing message from restarted quorum member
• ZOOKEEPER-4275 - Slowness in sasl login or subject.doAs() causes zk client to falsely assume that the server did not respond, closes connection and goes to unnecessary retries
• ZOOKEEPER-4331 - zookeeper artifact is not compatible with OSGi runtime
• ZOOKEEPER-4345 - Avoid NoSunchMethodException caused by shaded zookeeper jar
• ZOOKEEPER-4360 - Avoid NPE during metrics execution if the leader is not set on a FOLLOWER node
• ZOOKEEPER-4362 - ZKDatabase.txnCount logged non transactional requests
• ZOOKEEPER-4445 - branch-3.6 txnLogCountTest use wrong version of Junit Assert import
• ZOOKEEPER-4446 - branch-3.6 txnLogCountTest use wrong version of Junit Assert import
• ZOOKEEPER-4452 - Log4j 1.X CVE-2022-23302/5/7 vulnerabilities
• ZOOKEEPER-4477 - Single Kerberos ticket renewal failure can prevent all future renewals since Java 9
• ZOOKEEPER-4504 - ZKUtil#deleteRecursive causing deadlock in HDFS HA functionality
• ZOOKEEPER-4505 - CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
• ZOOKEEPER-4514 - ClientCnxnSocketNetty throwing NPE
• ZOOKEEPER-4515 - ZK Cli quit command always logs error
• ZOOKEEPER-4516 - checkstyle:check is failing
• ZOOKEEPER-4537 - Race between SyncThread and CommitProcessor thread
• ZOOKEEPER-4654 - Fix C client test compilation error in Util.cc.

Improvement

• ZOOKEEPER-4382 - Update Maven Bundle Plugin in order to allow builds on JDK18
• ZOOKEEPER-4455 - Move to https://reload4j.qos.ch/ (remove log4j1)
• ZOOKEEPER-4462 - Upgrade Netty TCNative to 2.0.48
• ZOOKEEPER-4468 - Backport BCFKS key/trust store format support to branch 3.5
• ZOOKEEPER-4529 - Upgrade netty to 4.1.76.Final
• ZOOKEEPER-4531 - Revert Netty TCNative change
• ZOOKEEPER-4551 - Do not log spammy stacktrace when a client closes its connection
• ZOOKEEPER-4602 - Upgrade reload4j due to XXE vulnerability

Task

• ZOOKEEPER-4315 - Fix NOTICE file in the source distribution
• ZOOKEEPER-4337 - CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0
• ZOOKEEPER-4414 - Update Netty to 4.1.70.Final
• ZOOKEEPER-4429 - Update jackson-databind to 2.13.1
• ZOOKEEPER-4454 - Upgrade Netty to 4.1.73
• ZOOKEEPER-4469 - Suppress OWASP false positives related to Netty TCNative
• ZOOKEEPER-4478 - Suppress OWASP false positives zookeeper-jute-3.8.0-SNAPSHOT.jar: CVE-2021-29425, CVE-2021-28164, CVE-2021-34429
• ZOOKEEPER-4510 - dependency-check:check failing - reload4j-1.2.19.jar: CVE-2020-9493, CVE-2022-23307
• ZOOKEEPER-4641 - GH CI fails with error: implicit declaration of function FIPS_mode
• ZOOKEEPER-4644 - Update 3rd party library versions before release 3.6.4
• ZOOKEEPER-4645 - Backport ZOOKEEPER-3941 (commons-cli upgrade) to branch-3.6
• ZOOKEEPER-4649 - Upgrade netty to 4.1.86 because of CVE-2022-41915
• ZOOKEEPER-4651 - Fix checkstyle problems on branch-3.6