The Security Problem
Four Letter Words (abbreviated 4lw) is a very popular feature of the Apache ZooKeeper project. In a nutshell, 4lw is a set of commands that you can use to interact with a ZooKeeper ensemble through a shell interface. Because it is simple and easy to use, many ZooKeeper monitoring solutions are built on top of 4lw.
The simplicity of 4lw comes at a cost: the design did not originally consider security,
The Apache ZooKeeper team has announced that Apache ZooKeeper release 3.5.3-beta is now available! This release is the first beta release of the 3.5 series and covers 77 issues, thirteen of which were considered blockers. Here are some highlights:
- ZOOKEEPER-2719 Enable creation of TTL nodes, which are znodes that are not tied to a session and are cleaned up automatically once they expire.
- ZOOKEEPER-2014 Only admin roles should be allowed to reconfigure a cluster
- ZOOKEEPER-2693 Prevent DoS attacks via the wchp/wchc four letter words (4lw)
Critical Bug Fixes
- ZOOKEEPER-2383 Solve startup race in ZooKeeperServer
- ZOOKEEPER-2172 Cluster crashes when reconfiguring a new node as a participant
- ZOOKEEPER-2737 NettyServerCnxFactory leaks connection if exception happens while writing to a channel
- ZOOKEEPER-2247 Zookeeper service becomes unavailable when leader fails to write transaction log
- ZOOKEEPER-2080 Fix deadlock in dynamic reconfiguration
- ZOOKEEPER-2687 Deadlock while shutting down the Leader server
Apache ZooKeeper is a core infrastructure component in the Apache Hadoop stack and is also widely used by many companies for service discovery, configuration management, and so on. Previously, ZooKeeper did not support authentication and authorization of the servers participating in leader election and quorum formation; ZooKeeper assumed that every server listed in the ZooKeeper configuration file (zoo.cfg) was authenticated. As a result, a server listed in zoo.cfg can join the ensemble even if it is compromised,
Thanks to Karthik Vadla, Abhi Basu, and Monica Martinez-Canales of Intel Corp. for the following guest post about using CDH for cost-effective processing/indexing of DICOM (medical) images.
Medical imaging has rapidly become the best non-invasive method to evaluate a patient and determine whether a medical condition exists. Imaging is used to assist in the diagnosis of a condition and, in most cases, is the first step of the journey through the modern medical system.
The guest post below was originally authored by Pinterest engineer Raghavendra Prabhu and published by the Pinterest Engineering blog. Being big ZooKeeper fans, we re-publish it here for your convenience. Thanks, Pinterest!
Apache ZooKeeper is an open source distributed coordination service that is popular for use cases like service discovery, dynamic configuration management, and distributed locking. While it is versatile and useful, it has failure modes that can be hard to prepare for and recover from,