Release Notes
Release notes for ZooKeeper 3.9.x, including new features, bug fixes, improvements, and breaking changes.
Release Notes - ZooKeeper - Version 3.9.5
Sub-task
- ZOOKEEPER-842 - stat calls static method on org.apache.zookeeper.server.DataTree
Bug
- ZOOKEEPER-4736 - socket fd leak
- ZOOKEEPER-4871 - ZooKeeper python module (zkpython) is incompatible with Python 3.12
- ZOOKEEPER-4958 - "ssl.clientHostnameVerification" is ignored if "ssl.authProvider" is configured to "x509"
- ZOOKEEPER-4974 - Remove enforced JDK 17 compilation warnings
- ZOOKEEPER-4984 - Upgrade OWASP plugin to 12.1.6 due to breaking changes in the API
- ZOOKEEPER-4986 - Disable reverse DNS lookup in TLS client and server
- ZOOKEEPER-4989 - Compilation of client on Windows with MSVC is broken
Improvement
- ZOOKEEPER-3938 - Upgrade jline to version 3.x.
- ZOOKEEPER-4955 - Fix interference with jvm ssl properties for ssl.crl and ssl.ocsp
- ZOOKEEPER-4962 - Add getPort and getSecurePort for ZooKeeperServerEmbedded
- ZOOKEEPER-4965 - Drop unnecessary @SuppressWarnings("deprecation")
- ZOOKEEPER-4970 - Deprecate methods of ZKConfig which throw QuorumPeerConfig.ConfigException
Test
- ZOOKEEPER-4780 - Avoid creating temporary files in source directory.
Task
- ZOOKEEPER-4976 - Update Netty to fix CVE-2025-58057
- ZOOKEEPER-5017 - Upgrade Netty to 4.1.130.Final to address CVE-2025-67735
- ZOOKEEPER-5018 - Upgrade Jetty to 9.4.58.v20250814 in order to fix CVE-2025-5115
Release Notes - ZooKeeper - Version 3.9.4
Breaking Changes
ZOOKEEPER-4891 updates logback-classic to 1.3.15 to solve CVE issues and slf4j-api to 2.0.13 to meet the compatibility requirement of logback.
This could cause slf4j to complain "No SLF4J providers were found" and output no further logs in certain conditions:
- For library or client usage, this could happen if you specify and inherit incompatible slf4j and logback versions, say, slf4j-api:2.0.13 from org.apache.zookeeper:zookeeper and logback-classic:1.2.13 from customized project dependencies.
- For application or deployment usage, this could happen if you customize and inherit incompatible slf4j and logback versions in classpath, say, slf4j-api:2.0.13 from zookeeper distribution and logback-classic:1.2.13 from customization.
This can be resolved by specifying compatible slf4j and logback versions in classpath, say, slf4j-api:2.0.13 and logback-classic:1.3.15.
Bug
- ZOOKEEPER-4020 - Memory leak in Zookeeper C Client
- ZOOKEEPER-4240 - IPV6 support in ZooKeeper ACL
- ZOOKEEPER-4604 - Creating a COMPLETION_STRING_STAT would set acl_result completion
- ZOOKEEPER-4699 - zh->hostname heap-use-after-free in zookeeper_interest
- ZOOKEEPER-4725 - TTL node creations do not appear in audit log
- ZOOKEEPER-4787 - Failed to establish connection between zookeeper
- ZOOKEEPER-4810 - Fix data race in format_endpoint_info()
- ZOOKEEPER-4819 - Can't seek for writable tls server if connected to readonly server
- ZOOKEEPER-4846 - Failure to reload database due to missing ACL
- ZOOKEEPER-4848 - Possible stack overflow in setup_random
- ZOOKEEPER-4858 - Remove the lock contention between snapshotting and the sync operation
- ZOOKEEPER-4872 - SnapshotCommand should not perform fastForwardFromEdits
- ZOOKEEPER-4886 - observer with small myid can't join SASL quorum
- ZOOKEEPER-4889 - Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode
- ZOOKEEPER-4900 - Bump patch release of jetty to include CVE fix for CVE-2024-6763
- ZOOKEEPER-4907 - Shouldn't throw "Len error" when server closing cause confusion
- ZOOKEEPER-4909 - When a spurious wakeup occurs, the client's waiting time may exceed requestTimeout.
- ZOOKEEPER-4919 - ResponseCache supposed to be a LRU cache
- ZOOKEEPER-4921 - Zookeeper Client 3.9.3 Fails to Reconnect After Network Failures
- ZOOKEEPER-4925 - Diff sync introduce hole in stale follower's committedLog which cause data loss in leading
- ZOOKEEPER-4928 - Version in zookeeper_version.h is not updated
- ZOOKEEPER-4933 - Connection throttle exception causing all connections to be rejected
- ZOOKEEPER-4940 - Enabling zookeeper.ssl.ocsp with JRE TLS provider errors out
- ZOOKEEPER-4953 - Fixing Typo In ZooKeeper Programmer's Guide
- ZOOKEEPER-4960 - Upgrade OWASP plugin to 12.1.3 due to recent parsing errors
New Feature
- ZOOKEEPER-4895 - Introduce a helper function for C client to generate password for SASL authentication
Improvement
- ZOOKEEPER-4790 - TLS Quorum hostname verification breaks in some scenarios
- ZOOKEEPER-4852 - Fix the bad "*uuuuu" mark in the ASF license
- ZOOKEEPER-4891 - Update logback to 1.3.15 to fix CVE-2024-12798.
- ZOOKEEPER-4902 - Document that read-only mode also enables isro 4lw
- ZOOKEEPER-4906 - Log full exception details for server JAAS config failure
- ZOOKEEPER-4944 - Cache zookeeper dists for end to end compatibility tests
- ZOOKEEPER-4954 - Use FIPS style hostname verification when no custom truststore is specified
- ZOOKEEPER-4964 - Check permissions individually during admin server auth
Task
- ZOOKEEPER-4897 - Upgrade Netty to fix CVE-2025-24970 in ZooKeeper 3.9.3
- ZOOKEEPER-4959 - Fix license files after logback/slf4j upgrade
Release Notes - ZooKeeper - Version 3.9.3
Bug
- ZOOKEEPER-2332 - Zookeeper failed to start for empty txn log
- ZOOKEEPER-2623 - CheckVersion outside of Multi causes NullPointerException
- ZOOKEEPER-4293 - Lock Contention in ClientCnxnSocketNetty (possible deadlock)
- ZOOKEEPER-4394 - Learner.syncWithLeader got NullPointerException
- ZOOKEEPER-4409 - NullPointerException in SendAckRequestProcessor
- ZOOKEEPER-4508 - ZooKeeper client run to endless loop in ClientCnxn.SendThread.run if all server down
- ZOOKEEPER-4712 - Follower.shutdown() and Observer.shutdown() do not correctly shutdown the syncProcessor, which may lead to data inconsistency
- ZOOKEEPER-4733 - non-return function error and asan error in CPPUNIT TESTs
- ZOOKEEPER-4752 - Remove version files in zookeeper-server/src/main from .gitignore
- ZOOKEEPER-4804 - Use daemon threads for Netty client
- ZOOKEEPER-4814 - Protocol desynchronization after Connect for (some) old clients
- ZOOKEEPER-4839 - When DigestMD5 is used to enable mandatory client authentication, users that do not exist can log in
- ZOOKEEPER-4843 - Encountering an 'Unreasonable Length' error when configuring jute.maxbuffer to 1GB or more
- ZOOKEEPER-4876 - jetty-http-9.4.53.v20231009.jar: CVE-2024-6763(3.7)
New Feature
- ZOOKEEPER-4747 - Java api lacks synchronous version of sync() call
Improvement
- ZOOKEEPER-4850 - Enhance zkCli Tool to Support Reading and Writing Binary Data
- ZOOKEEPER-4851 - Honor X-Forwarded-For optionally in IPAuthenticationProvider
- ZOOKEEPER-4860 - Disable X-Forwarded-For in IPAuthenticationProvider by default
Test
- ZOOKEEPER-4859 - C client tests hang to be cancelled quite often
Task
- ZOOKEEPER-4820 - zookeeper pom leaks logback dependency
- ZOOKEEPER-4868 - Bump commons-io library to 2.14.0
Release Notes - ZooKeeper - Version 3.9.2
Sub-task
- ZOOKEEPER-910 - Use SelectionKey.isXYZ() methods instead of complicated binary logic
- ZOOKEEPER-4728 - Zookeeper cannot bind to itself forever if DNS is not ready when startup
Bug
- ZOOKEEPER-2590 - exists() should check read ACL permission
- ZOOKEEPER-4236 - Java Client SendThread create many unnecessary Login objects
- ZOOKEEPER-4415 - Zookeeper 3.7.0 : The client supported protocol versions [TLSv1.3] are not accepted by server preferences
- ZOOKEEPER-4730 - Incorrect datadir and logdir size reported from admin and 4lw dirs command
- ZOOKEEPER-4785 - Txn loss due to race condition in Learner.syncWithLeader() during DIFF sync
Improvement
- ZOOKEEPER-3486 - add the doc about how to configure SSL/TLS for the admin server
- ZOOKEEPER-4756 - Merge script should use GitHub api to merge pull requests
- ZOOKEEPER-4778 - Patch jetty, netty, and logback to remove high severity vulnerabilities
- ZOOKEEPER-4794 - Reduce the ZKDatabase#committedLog memory usage
- ZOOKEEPER-4799 - Refactor ACL check in addWatch command
- ZOOKEEPER-4801 - Add memory size limitation policy for ZkDataBase#committedLog
Wish
- ZOOKEEPER-4807 - Add sid for the leader goodbye log
Release Notes - ZooKeeper - Version 3.9.1
Improvement
- ZOOKEEPER-4732 - improve Reproducible Builds
- ZOOKEEPER-4753 - Explicit handling of DIGEST-MD5 vs GSSAPI in quorum auth
Task
- ZOOKEEPER-4751 - Update snappy-java to 1.1.10.5 to address CVE-2023-43642
- ZOOKEEPER-4754 - Update Jetty to avoid CVE-2023-36479, CVE-2023-40167, and CVE-2023-41900
- ZOOKEEPER-4755 - Handle Netty CVE-2023-4586
Release Notes - ZooKeeper - Version 3.9.0
Sub-task
- ZOOKEEPER-4327 - Flaky test: RequestThrottlerTest
Bug
- ZOOKEEPER-2108 - Compilation error in ZkAdaptor.cc with GCC 4.7 or later
- ZOOKEEPER-3652 - Improper synchronization in ClientCnxn
- ZOOKEEPER-3908 - zktreeutil multiple issues
- ZOOKEEPER-3996 - Flaky test: ReadOnlyModeTest.testConnectionEvents
- ZOOKEEPER-4026 - CREATE2 requests embedded in a MULTI request only get a regular CREATE response
- ZOOKEEPER-4296 - NullPointerException when ClientCnxnSocketNetty is closed without being opened
- ZOOKEEPER-4308 - Flaky test: EagerACLFilterTest.testSetDataFail
- ZOOKEEPER-4393 - Problem to connect to zookeeper in FIPS mode
- ZOOKEEPER-4466 - Support different watch modes on same path
- ZOOKEEPER-4471 - Remove WatcherType.Children break persistent watcher's child events
- ZOOKEEPER-4473 - zooInspector create root node fail with path validate
- ZOOKEEPER-4475 - Persistent recursive watcher got NodeChildrenChanged event
- ZOOKEEPER-4477 - Single Kerberos ticket renewal failure can prevent all future renewals since Java 9
- ZOOKEEPER-4504 - ZKUtil#deleteRecursive causing deadlock in HDFS HA functionality
- ZOOKEEPER-4505 - CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
- ZOOKEEPER-4511 - Flaky test: FileTxnSnapLogMetricsTest.testFileTxnSnapLogMetrics
- ZOOKEEPER-4514 - ClientCnxnSocketNetty throwing NPE
- ZOOKEEPER-4515 - ZK Cli quit command always logs error
- ZOOKEEPER-4537 - Race between SyncThread and CommitProcessor thread
- ZOOKEEPER-4549 - ProviderRegistry may be repeatedly initialized
- ZOOKEEPER-4565 - Config watch path get truncated abnormally and fail chroot zookeeper client
- ZOOKEEPER-4647 - Tests don't pass on JDK20 because we try to mock InetAddress
- ZOOKEEPER-4654 - Fix C client test compilation error in Util.cc.
- ZOOKEEPER-4674 - C client tests don't pass on CI
- ZOOKEEPER-4719 - Use bouncycastle jdk18on instead of jdk15on
- ZOOKEEPER-4721 - Upgrade OWASP Dependency Check to 8.3.1
New Feature
- ZOOKEEPER-4570 - Admin server API for taking snapshot and stream out the data
- ZOOKEEPER-4655 - Communicate the Zxid that triggered a WatchEvent to fire
Improvement
- ZOOKEEPER-3731 - Disable HTTP TRACE Method
- ZOOKEEPER-3806 - TLS - dynamic loading for client trust/key store
- ZOOKEEPER-3860 - Avoid reverse DNS lookup for hostname verification when hostnames are provided in the connection url
- ZOOKEEPER-4289 - Reduce the performance impact of Prometheus metrics
- ZOOKEEPER-4303 - ZooKeeperServerEmbedded could auto-assign and expose ports
- ZOOKEEPER-4464 - zooinspector display "Ephemeral Owner" in hex for easy match to jmx session
- ZOOKEEPER-4467 - Missing op code (addWatch) in Request.op2String
- ZOOKEEPER-4472 - Support persistent watchers removing individually
- ZOOKEEPER-4474 - ZooDefs.opNames is unused
- ZOOKEEPER-4490 - Publish Clover results to SonarQube
- ZOOKEEPER-4491 - Adding SSL support to Zktreeutil
- ZOOKEEPER-4492 - Merge readOnly field into ConnectRequest and Response
- ZOOKEEPER-4494 - Fix error message format
- ZOOKEEPER-4518 - remove useless log in the PrepRequestProcessor#pRequest method
- ZOOKEEPER-4519 - Testable interface should have a testableCloseSocket() method
- ZOOKEEPER-4529 - Upgrade netty to 4.1.76.Final
- ZOOKEEPER-4531 - Revert Netty TCNative change
- ZOOKEEPER-4551 - Do not log spammy stacktrace when a client closes its connection
- ZOOKEEPER-4566 - Create tool for recursive snapshot analysis
- ZOOKEEPER-4573 - Encapsulate request bytebuffer in Request
- ZOOKEEPER-4575 - ZooKeeperServer#processPacket take record instead of bytes
- ZOOKEEPER-4616 - Upgrade docker image for the dev environment to resolve CVEs
- ZOOKEEPER-4622 - Add Netty-TcNative OpenSSL Support
- ZOOKEEPER-4636 - Fix zkServer.sh for AIX
- ZOOKEEPER-4657 - Publish SBOM artifacts
- ZOOKEEPER-4659 - Upgrade Commons CLI to 1.5.0 due to OWASP failing on 1.4 CVE-2021-37533
- ZOOKEEPER-4660 - Suppress false positive OWASP failure for CVE-2021-37533
- ZOOKEEPER-4661 - Upgrade Jackson Databind to 2.13.4.2 for CVE-2022-42003 CVE-2022-42004
- ZOOKEEPER-4705 - Restrict GitHub merge button to allow squash commit only
- ZOOKEEPER-4717 - Cache serialize data in the request to avoid repeat serialize.
- ZOOKEEPER-4718 - Removing unnecessary heap memory allocation in serialization can help reduce GC pressure.
Test
- ZOOKEEPER-4630 - Fix the NPE from ConnectionMetricsTest.testRevalidateCount
- ZOOKEEPER-4676 - ReadOnlyModeTest doesn't compile on JDK20 (Thread.suspend has been removed)
Wish
- ZOOKEEPER-3615 - write a TLA+ specification to verify Zab protocol
- ZOOKEEPER-4710 - Fix ZkUtil deleteInBatch() by releasing semaphore after set flag
- ZOOKEEPER-4714 - Improve syncRequestProcessor performance
- ZOOKEEPER-4715 - Verify file size and position in testGetCurrentLogSize.
Task
- ZOOKEEPER-4479 - Tests: C client test TestOperations.cc testTimeoutCausedByWatches1 is very flaky on CI
- ZOOKEEPER-4482 - Fix LICENSE FILES for commons-io and commons-cli
- ZOOKEEPER-4599 - Upgrade Jetty to avoid CVE-2022-2048
- ZOOKEEPER-4641 - GH CI fails with error: implicit declaration of function FIPS_mode
- ZOOKEEPER-4642 - Remove Travis CI
- ZOOKEEPER-4649 - Upgrade netty to 4.1.86 because of CVE-2022-41915
- ZOOKEEPER-4669 - Upgrade snappy-java to 1.1.9.1 (in order to support M1 macs)
- ZOOKEEPER-4688 - Upgrade cyclonedx-maven-plugin to 2.7.6
- ZOOKEEPER-4700 - Update Jetty for fixing CVE-2023-26048 and CVE-2023-26049
- ZOOKEEPER-4707 - Update snappy-java to address multiple CVEs
- ZOOKEEPER-4709 - Upgrade Netty to 4.1.94.Final
- ZOOKEEPER-4716 - Upgrade jackson to 2.15.2, suppress two false positive CVE errors