Author Archives: Michael Han

Apache ZooKeeper 3.5.3-beta Has Been Released

Categories: ZooKeeper

The Apache ZooKeeper team has announced that Apache ZooKeeper release 3.5.3-beta is now available! This release is the first beta release of the 3.5 series, which cover 77 issues, thirteen of which were considered blockers. Here are some highlights:

New Feature

  • ZOOKEEPER-2719 Enable creation of TTL nodes, which are znode that’s not tied to a session and will get cleaned up automatically once expired.

Security Fixes

  • ZOOKEEPER-2014 Only admin roles should be allowed to reconfigure a cluster
  • ZOOKEEPER-2693 Prevent DOS attack on wchp/wchc four letter words (4lw)

Critical Bug Fixes

  • ZOOKEEPER-2383 Solve startup race in ZooKeeperServer
  • ZOOKEEPER-2172 Cluster crashes when reconfig a new node as a participant
  • ZOOKEEPER-2737 NettyServerCnxFactory leaks connection if exception happens while writing to a channel
  • ZOOKEEPER-2247 Zookeeper service becomes unavailable when leader fails to write transaction log
  • ZOOKEEPER-2080 Fix deadlock in dynamic reconfiguration
  • ZOOKEEPER-2687 Deadlock while shutting down the Leader server

Stability,

Read More

Hardening Apache ZooKeeper Security: SASL Quorum Peer Mutual Authentication and Authorization

Categories: ZooKeeper

Background

Apache ZooKeeper is a core infrastructure component in Apache Hadoop stack and is also widely used by many companies for service discovery, configuration management, and so on. Previously ZooKeeper does not support authentication and authorization of servers that are participating in the leader election and quorum forming process; ZooKeeper assumes that every server that is listed in the ZooKeeper configuration file (zoo.cfg) is authenticated. As a result, a server listed in zoo.cfg can join the ensemble even if it is compromised,

Read More