#28518 Vulnerability in Apache ZooKeeper: Missing ACL check for Persistent Watchers

#28520

Define charset for JavaScript references

#28522

DropDown should also display a tooltip when closed

#28519

Incorrect preload for attributes whose values are stored in the target table

#28506

Core theme: Last column of a table with V-scrollbars cannot be widened

#28517

Fix security vulnerability CVE-2023-22102 in MySQL Connector/J

#28518

Vulnerability in Apache ZooKeeper: Missing ACL check for Persistent Watchers

#28521

JSON: Error when parsing exponential representation with small "e"

#28525

Parameters of handleOnChange of the SelectOptionControl do not match the call.

Bugfix

SecurityIssue TLKafka

The currently used Apache ZooKeeper version 3.8.3 is affected by a security vulnerability that allows unauthorized disclosure of information.

**CVE-2024-23944:**

When setting persistent watchers (addWatch command) on a parent ZNode, no ACL check is performed when the watch event is triggered.
This allows an attacker who already has access to the parent ZNode to view the complete paths of child ZNodes.
Although no data is exposed, the paths may contain sensitive information such as usernames or login IDs.

To fix this, the ZooKeeper version will be updated to 3.8.4 or 3.9.2, in which this vulnerability has been fixed.