From f110dec32126f15b5592cde6ec664a2e97bffcfd Mon Sep 17 00:00:00 2001
From: Lari Hotari <lhotari@users.noreply.github.com>
Date: Tue, 12 Nov 2024 03:09:14 +0000
Subject: [PATCH] [fix][sec] Upgrade Zookeeper to 3.9.3 to address
 CVE-2024-51504 (#23581)

(cherry picked from commit d7433d0f3d383651bd0c49b1858ebf7da50dbe1c)
(cherry picked from commit b5dfd4b051504b71821e10953afce0577cf05612)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 12 ++++++------
 pom.xml                                          |  4 ++--
 pulsar-sql/presto-distribution/LICENSE           |  4 ++--
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index ad791bed644ee..9d1f0c86fdefe 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -453,9 +453,9 @@ The Apache Software License, Version 2.0
     - org.apache.avro-avro-1.11.4.jar
     - org.apache.avro-avro-protobuf-1.11.4.jar
   * Apache Curator
-    - org.apache.curator-curator-client-5.1.0.jar
-    - org.apache.curator-curator-framework-5.1.0.jar
-    - org.apache.curator-curator-recipes-5.1.0.jar
+    - org.apache.curator-curator-client-5.7.1.jar
+    - org.apache.curator-curator-framework-5.7.1.jar
+    - org.apache.curator-curator-recipes-5.7.1.jar
   * Apache Yetus
     - org.apache.yetus-audience-annotations-0.12.0.jar
   * Kubernetes Client
@@ -482,9 +482,9 @@ The Apache Software License, Version 2.0
     - io.vertx-vertx-web-4.5.10.jar
     - io.vertx-vertx-web-common-4.5.10.jar
   * Apache ZooKeeper
-    - org.apache.zookeeper-zookeeper-3.9.2.jar
-    - org.apache.zookeeper-zookeeper-jute-3.9.2.jar
-    - org.apache.zookeeper-zookeeper-prometheus-metrics-3.9.2.jar
+    - org.apache.zookeeper-zookeeper-3.9.3.jar
+    - org.apache.zookeeper-zookeeper-jute-3.9.3.jar
+    - org.apache.zookeeper-zookeeper-prometheus-metrics-3.9.3.jar
   * Snappy Java
     - org.xerial.snappy-snappy-java-1.1.10.5.jar
   * Google HTTP Client
diff --git a/pom.xml b/pom.xml
index 21f6b93b38835..d4b18b2999f4c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -137,12 +137,12 @@ flexible messaging model and an intuitive client API.</description>
     <commons-compress.version>1.26.0</commons-compress.version>
 
     <bookkeeper.version>4.16.6</bookkeeper.version>
-    <zookeeper.version>3.9.2</zookeeper.version>
+    <zookeeper.version>3.9.3</zookeeper.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <commons-text.version>1.10.0</commons-text.version>
     <snappy.version>1.1.10.5</snappy.version> <!-- ZooKeeper server -->
     <dropwizardmetrics.version>4.1.12.1</dropwizardmetrics.version> <!-- ZooKeeper server -->
-    <curator.version>5.1.0</curator.version>
+    <curator.version>5.7.1</curator.version>
     <netty.version>4.1.113.Final</netty.version>
     <netty-iouring.version>0.0.21.Final</netty-iouring.version>
     <jetty.version>9.4.56.v20240826</jetty.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 945d8128b3ccf..e40a793827062 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -467,8 +467,8 @@ The Apache Software License, Version 2.0
     - memory-0.8.3.jar
     - sketches-core-0.8.3.jar
   * Apache Zookeeper
-    - zookeeper-3.9.2.jar
-    - zookeeper-jute-3.9.2.jar
+    - zookeeper-3.9.3.jar
+    - zookeeper-jute-3.9.3.jar
   * Apache Yetus Audience Annotations
     - audience-annotations-0.12.0.jar
   * Perfmark