Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504 (#4523)

* Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504

* Upgrade curator to 5.7.1

bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt

@@ -261,9 +261,9 @@ Apache Software License, Version 2.
 - lib/org.apache.logging.log4j-log4j-slf4j2-impl-2.23.1.jar [17]
 - lib/org.apache.commons-commons-collections4-4.1.jar [19]
 - lib/org.apache.commons-commons-lang3-3.6.jar [20]
-- lib/org.apache.zookeeper-zookeeper-3.8.4.jar [21]
-- lib/org.apache.zookeeper-zookeeper-jute-3.8.4.jar [21]
-- lib/org.apache.zookeeper-zookeeper-3.8.4-tests.jar [21]
+- lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21]
+- lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21]
+- lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21]
 - lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar [22]
 - lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar [22]
 - lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar [22]
@@ -299,9 +299,9 @@ Apache Software License, Version 2.
 - lib/io.grpc-grpc-util-1.64.0.jar [33]
 - lib/io.grpc-grpc-xds-1.64.0.jar [33]
 - lib/io.grpc-grpc-rls-1.64.0.jar[33]
-- lib/org.apache.curator-curator-client-5.1.0.jar [34]
-- lib/org.apache.curator-curator-framework-5.1.0.jar [34]
-- lib/org.apache.curator-curator-recipes-5.1.0.jar [34]
+- lib/org.apache.curator-curator-client-5.7.1.jar [34]
+- lib/org.apache.curator-curator-framework-5.7.1.jar [34]
+- lib/org.apache.curator-curator-recipes-5.7.1.jar [34]
 - lib/com.google.errorprone-error_prone_annotations-2.9.0.jar [36]
 - lib/org.apache.yetus-audience-annotations-0.12.0.jar [37]
 - lib/org.jctools-jctools-core-2.1.2.jar [38]
@@ -383,7 +383,7 @@ Apache Software License, Version 2.
 [29] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1
 [30] Source available at https://github.com/census-instrumentation/opencensus-java/tree/v0.31.1
 [33] Source available at https://github.com/grpc/grpc-java/tree/v1.64.0
-[34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.1.0
+[34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.7.1
 [36] Source available at https://github.com/google/error-prone/tree/v2.9.0
 [37] Source available at https://github.com/apache/yetus/tree/rel/0.12.0
 [38] Source available at https://github.com/JCTools/JCTools/tree/v2.1.2

bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt

@@ -242,9 +242,9 @@ Apache Software License, Version 2.
 - lib/org.apache.logging.log4j-log4j-slf4j2-impl-2.23.1.jar [16]
 - lib/org.apache.commons-commons-collections4-4.1.jar [18]
 - lib/org.apache.commons-commons-lang3-3.6.jar [19]
-- lib/org.apache.zookeeper-zookeeper-3.8.4.jar [20]
-- lib/org.apache.zookeeper-zookeeper-jute-3.8.4.jar [20]
-- lib/org.apache.zookeeper-zookeeper-3.8.4-tests.jar [20]
+- lib/org.apache.zookeeper-zookeeper-3.9.3.jar [20]
+- lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [20]
+- lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [20]
 - lib/com.beust-jcommander-1.82.jar [23]
 - lib/net.jpountz.lz4-lz4-1.3.0.jar [25]
 - lib/com.google.api.grpc-proto-google-common-protos-2.29.0.jar [27]
@@ -270,9 +270,9 @@ Apache Software License, Version 2.
 - lib/io.grpc-grpc-util-1.64.0.jar [32]
 - lib/io.grpc-grpc-xds-1.64.0.jar [32]
 - lib/io.grpc-grpc-rls-1.64.0.jar[32]
-- lib/org.apache.curator-curator-client-5.1.0.jar [33]
-- lib/org.apache.curator-curator-framework-5.1.0.jar [33]
-- lib/org.apache.curator-curator-recipes-5.1.0.jar [33]
+- lib/org.apache.curator-curator-client-5.7.1.jar [33]
+- lib/org.apache.curator-curator-framework-5.7.1.jar [33]
+- lib/org.apache.curator-curator-recipes-5.7.1.jar [33]
 - lib/com.google.errorprone-error_prone_annotations-2.9.0.jar [35]
 - lib/org.apache.yetus-audience-annotations-0.12.0.jar [36]
 - lib/org.jctools-jctools-core-2.1.2.jar [37]
@@ -316,7 +316,7 @@ Apache Software License, Version 2.
 [28] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1
 [29] Source available at https://github.com/census-instrumentation/opencensus-java/tree/v0.31.1
 [32] Source available at https://github.com/grpc/grpc-java/tree/v1.64.0
-[33] Source available at https://github.com/apache/curator/tree/apache-curator-5.1.0
+[33] Source available at https://github.com/apache/curator/tree/apache-curator-5.7.1
 [35] Source available at https://github.com/google/error-prone/tree/v2.9.0
 [36] Source available at https://github.com/apache/yetus/tree/rel/0.12.0
 [37] Source available at https://github.com/JCTools/JCTools/tree/v2.1.2

bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt

@@ -261,9 +261,9 @@ Apache Software License, Version 2.
 - lib/org.apache.logging.log4j-log4j-slf4j2-impl-2.23.1.jar [17]
 - lib/org.apache.commons-commons-collections4-4.1.jar [19]
 - lib/org.apache.commons-commons-lang3-3.6.jar [20]
-- lib/org.apache.zookeeper-zookeeper-3.8.4.jar [21]
-- lib/org.apache.zookeeper-zookeeper-jute-3.8.4.jar [21]
-- lib/org.apache.zookeeper-zookeeper-3.8.4-tests.jar [21]
+- lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21]
+- lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21]
+- lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21]
 - lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar [22]
 - lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar [22]
 - lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar [22]
@@ -299,9 +299,9 @@ Apache Software License, Version 2.
 - lib/io.grpc-grpc-util-1.64.0.jar [33]
 - lib/io.grpc-grpc-xds-1.64.0.jar [33]
 - lib/io.grpc-grpc-rls-1.64.0.jar[33]
-- lib/org.apache.curator-curator-client-5.1.0.jar [34]
-- lib/org.apache.curator-curator-framework-5.1.0.jar [34]
-- lib/org.apache.curator-curator-recipes-5.1.0.jar [34]
+- lib/org.apache.curator-curator-client-5.7.1.jar [34]
+- lib/org.apache.curator-curator-framework-5.7.1.jar [34]
+- lib/org.apache.curator-curator-recipes-5.7.1.jar [34]
 - lib/com.google.errorprone-error_prone_annotations-2.9.0.jar [36]
 - lib/org.apache.yetus-audience-annotations-0.12.0.jar [37]
 - lib/org.jctools-jctools-core-2.1.2.jar [38]
@@ -379,7 +379,7 @@ Apache Software License, Version 2.
 [29] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1
 [30] Source available at https://github.com/census-instrumentation/opencensus-java/tree/v0.31.1
 [33] Source available at https://github.com/grpc/grpc-java/tree/v1.64.0
-[34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.1.0
+[34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.7.1
 [36] Source available at https://github.com/google/error-prone/tree/v2.9.0
 [37] Source available at https://github.com/apache/yetus/tree/rel/0.12.0
 [38] Source available at https://github.com/JCTools/JCTools/tree/v2.1.2

pom.xml

@@ -128,7 +128,7 @@
     <commons-lang3.version>3.6</commons-lang3.version>
     <commons-io.version>2.17.0</commons-io.version>
     <bouncycastle.version>1.0.2.5</bouncycastle.version>
-    <curator.version>5.1.0</curator.version>
+    <curator.version>5.7.1</curator.version>
     <disruptor.version>4.0.0</disruptor.version>
     <dropwizard.version>4.1.12.1</dropwizard.version>
     <jetcd.version>0.7.7</jetcd.version>
@@ -175,7 +175,7 @@
     <javax-annotations-api.version>1.3.2</javax-annotations-api.version>
     <testcontainers.version>1.19.4</testcontainers.version>
     <vertx.version>4.5.7</vertx.version>
-    <zookeeper.version>3.8.4</zookeeper.version>
+    <zookeeper.version>3.9.3</zookeeper.version>
     <snappy.version>1.1.10.5</snappy.version>
     <jctools.version>2.1.2</jctools.version>
     <hppc.version>0.9.1</hppc.version>