[
https://issues.apache.org/jira/browse/KAFKA-20349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ming-Yen Chung reassigned KAFKA-20349:
--------------------------------------
Assignee: Ming-Yen Chung (was: Yeojun Kim)
> Upgrade to ZooKeeper 3.8.6 - fix CVE-2026-24308
> -----------------------------------------------
>
> Key: KAFKA-20349
> URL: https://issues.apache.org/jira/browse/KAFKA-20349
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 3.9.2
> Reporter: Martin Schwaiger
> Assignee: Ming-Yen Chung
> Priority: Major
> Attachments: Upgrade_to_ZooKeeper_3_8_6__Fix_CVE-2026-24308.patch
>
>
> Update dependency ZooKeeper "org.apache.zookeeper:zookeeper" from 3.8.4 to
> 3.8.6 to fix CVE-2026-24308 in kafka_2.13:3.9.2.
> [https://www.cve.org/CVERecord?id=CVE-2026-24308]
> [https://zookeeper.apache.org/security.html#CVE-2026-24308]
> Workaround:
> In the meantime, add a constraint for dependency ZooKeeper to update manually
> to version 3.8.6
> {noformat}
> implementation ("org.apache.zookeeper:zookeeper:3.8.6")
> {noformat}
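A check that the workaround above took effect, written as an added example (not part of the ticket or of Kafka's build): it parses `gradle dependencies` output and reports which ZooKeeper version was actually resolved. The function names and the two sample reports are constructed for illustration, and only the 3.8.x line is judged, because the ticket names 3.8.6 as the fixed version and nothing else.

```python
import re

COORD = "org.apache.zookeeper:zookeeper"
FIXED = (3, 8, 6)  # version the ticket upgrades to

# One node of `gradle dependencies` output: optional declared version,
# optional "-> resolved" when Gradle selected a different version.
# The lookahead keeps sibling artifacts such as zookeeper-jute out.
NODE = re.compile(
    r"--- " + re.escape(COORD) + r"(?=[:\s]|$)(?::(\S+))?(?:.* -> (\S+))?"
)

def classify(version):
    """'ok' or 'outdated' for 3.8.x; 'unknown' for anything the ticket does not cover."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unknown"
    parts = tuple(map(int, m.groups()))
    if parts[:2] != FIXED[:2]:
        return "unknown"
    return "ok" if parts >= FIXED else "outdated"

def audit(report):
    """Map each resolved ZooKeeper version found in the report to its status."""
    result = {}
    for line in report.splitlines():
        m = NODE.search(line)
        if m:
            version = m.group(2) or m.group(1)  # resolved wins over declared
            if version:
                result[version] = classify(version)
    return result

# Constructed sample reports (assumed shape, not real build output).
BEFORE = r"""
+--- org.apache.kafka:kafka_2.13:3.9.2
|    \--- org.apache.zookeeper:zookeeper:3.8.4
|         \--- org.apache.zookeeper:zookeeper-jute:3.8.4
"""
AFTER = r"""
+--- org.apache.kafka:kafka_2.13:3.9.2
|    \--- org.apache.zookeeper:zookeeper:3.8.4 -> 3.8.6
|         \--- org.apache.zookeeper:zookeeper-jute:3.8.6
\--- org.apache.zookeeper:zookeeper:3.8.6
"""

if __name__ == "__main__":
    for name, report in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(report))
```

Any version reported as `outdated` or `unknown` on a runtime classpath means the manual override is not in effect for that configuration.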