Is Apache ZooKeeper 3.6.4 patched?
Current stable (3.9.5): 100/100
3.6.4 has 1 open critical-or-high vulnerability. Run 3.7.2 or later to clear it. See what 3.7.2 fixes →
Summary iPlain-English security status for Apache ZooKeeper 3.6.4, built from its CVEs, active-exploitation data, end-of-life date and latest release.
Apache ZooKeeper 3.6.4 is part of the 3.6 release line. 2 known vulnerabilities affect it. The minimum safe version is 3.7.2 — upgrade to it or later to clear the open critical/high issues. The 3.6 line reached end-of-life on 2022-12-30, so it no longer receives security patches. The latest supported Apache ZooKeeper release is 3.9.5.
Known issues affecting 3.6.4
Exploited first, then by exploitation probability.
CVE-2023-44981 CRITICAL EPSS 2% → fixed in 3.8.3 CVE-2024-23944 MEDIUM EPSS 0% → fixed in 3.9.2Other Apache ZooKeeper versions
Check another release line of Apache ZooKeeper.
Frequently asked
Is Apache ZooKeeper 3.6.4 patched?
Apache ZooKeeper 3.6.4 is end-of-life and no longer receives security patches. Move to 3.9.5.
What version should I upgrade Apache ZooKeeper 3.6.4 to?
Upgrade Apache ZooKeeper 3.6.4 to at least 3.7.2 to clear its 1 open critical-or-high vulnerability.
When does Apache ZooKeeper 3.6 reach end-of-life?
Apache ZooKeeper 3.6 reached end-of-life on 2022-12-30 and no longer receives security patches.
What is the latest version of Apache ZooKeeper?
The latest supported Apache ZooKeeper release is 3.9.5.
Is Apache ZooKeeper 3.6.4 still receiving security updates?
No — Apache ZooKeeper 3.6.4 is on the 3.6 line, which reached end-of-life on 2022-12-30 and no longer receives security updates. Upgrade to 3.9.5 or later to stay supported.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Apache's official advisory before you patch or upgrade — Apache ZooKeeper official site ↗