Correction: posted the wrong JIRA in my previous email. Instead of https://issues.apache.org/jira/browse/KAFKA-15001, please consider this https://issues.apache.org/jira/browse/KAFKA-15487
-- Divij Vaidya On Mon, Sep 25, 2023 at 10:04 AM Divij Vaidya <divijvaidy...@gmail.com> wrote: > > Hi Satish > > 1. I agree with Luke. It's a "high" severity vulnerability and we > should create another RC with the upgraded Snappy version. If we > create another RC, we should also fix a different CVE resported in > https://issues.apache.org/jira/browse/KAFKA-15001 > > 2. I was hoping you could post the results of system tests before I > vote on this. I am particularly interested in looking at > producer/consumer performance results since we have quite a few > changes in this release. What is the plan on the system tests? > > -- > Divij Vaidya > > On Mon, Sep 25, 2023 at 9:10 AM Luke Chen <show...@gmail.com> wrote: > > > > Hi Satish, > > > > Snappy-java published a new vulnerability > > <https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv> > > that will cause OOM error in the server. > > Kafka is also impacted by this vulnerability since it's like CVE-2023-34455 > > <https://nvd.nist.gov/vuln/detail/CVE-2023-34455>. > > We'd better bump the snappy-java version to bypass this vulnerability. > > PR <https://github.com/apache/kafka/pull/14434> is created to run the CI > > build. > > > > Thanks. > > Luke > > > > > > On Mon, Sep 25, 2023 at 2:38 PM Satish Duggana <satish.dugg...@gmail.com> > > wrote: > > > > > Thanks to everyone who voted for this release. > > > > > > We have 2 +1 PMC votes and 3 +1 non-binding votes. We are past the > > > deadline. Please try RC1 and send your vote to this email thread. > > > > > > Thanks, > > > Satish. > > > > > > > > > On Sun, 24 Sept 2023 at 13:23, Justine Olshan > > > <jols...@confluent.io.invalid> wrote: > > > > > > > > Hi Satish, > > > > > > > > I've done the following: > > > > - Verified signature > > > > - Built from Java 17/Scala 2.13 and Java 8/Scala 2.11 > > > > - Run unit + integration tests > > > > - Ran a shorter Trogdor transactional-produce-bench on a single broker > > > > cluster (KRaft and ZK) to verify transactional workloads worked > > > reasonably > > > > > > > > Minor thing (we can discuss elsewhere and is non-blocking for the > > > release) > > > > but if ZK has been deprecated since 3.5 we should move up the Kraft > > > > setup > > > > in the quickstart guide <http://goog_2103708782>here > > > > <https://kafka.apache.org/quickstart>. > > > > > > > > +1 (binding) from me. > > > > > > > > Justine > > > > > > > > On Sun, Sep 24, 2023 at 7:09 AM Federico Valeri <fedeval...@gmail.com> > > > > wrote: > > > > > > > > > Hi Satish, I did the following to verify the release: > > > > > > > > > > - Verified signature and checksum > > > > > - Built from source with Java 17 and Scala 2.13 > > > > > - Ran all unit and integration tests > > > > > - Spot checked release notes and documentation > > > > > - Ran a custom client using staging artifacts on a 3-nodes cluster > > > > > - Tested tiered storage with one of the available RSM implementations > > > > > > > > > > +1 (non binding) > > > > > > > > > > Thanks > > > > > Fede > > > > > > > > > > > > > > > On Sun, Sep 24, 2023 at 8:49 AM Luke Chen <show...@gmail.com> wrote: > > > > > > > > > > > > Hi Satish, > > > > > > > > > > > > I verified with: > > > > > > 1. Ran quick start in KRaft for scala 2.12 artifact > > > > > > 2. Making sure the checksum are correct > > > > > > 3. Browsing release notes, documents, javadocs, protocols. > > > > > > > > > > > > I filed KAFKA-15491 < > > > https://issues.apache.org/jira/browse/KAFKA-15491 > > > > > >for > > > > > > log output improvement while testing stream application. > > > > > > It won't be blocker in v3.6.0. > > > > > > > > > > > > For KAFKA-15489 <https://issues.apache.org/jira/browse/KAFKA-15489>, > > > I'm > > > > > > fine if we decide to fix it in v3.6.1/v3.7.0. > > > > > > > > > > > > +1 (binding) from me. > > > > > > > > > > > > Thank you. > > > > > > Luke > > > > > > > > > > > > On Sun, Sep 24, 2023 at 3:38 AM Ismael Juma <m...@ismaeljuma.com> > > > wrote: > > > > > > > > > > > > > Given that this is not a regression and there have been no reports > > > for > > > > > over > > > > > > > a year, I think it's ok for this to land in 3.6.1. > > > > > > > > > > > > > > Ismael > > > > > > > > > > > > > > On Sat, Sep 23, 2023 at 9:32 AM Satish Duggana < > > > > > satish.dugg...@gmail.com> > > > > > > > wrote: > > > > > > > > > > > > > > > Thanks Luke for reporting KRaft issue[1]. > > > > > > > > > > > > > > > > I am not sure whether it is a release blocker for 3.6.0. Need > > > input > > > > > > > > from other KRaft experts also to finalize the decision. Even if > > > we > > > > > > > > adopt a fix, do not we need to bake it for some time before it > > > > > > > > is > > > > > > > > pushed to production to avoid any regressions as this change is > > > in > > > > > the > > > > > > > > critical paths? > > > > > > > > > > > > > > > > 1. https://issues.apache.org/jira/browse/KAFKA-15489 > > > > > > > > > > > > > > > > Thanks, > > > > > > > > Satish. > > > > > > > > > > > > > > > > On Sat, 23 Sept 2023 at 03:08, Luke Chen <show...@gmail.com> > > > wrote: > > > > > > > > > > > > > > > > > > Hi Satish, > > > > > > > > > > > > > > > > > > I found the current KRaft implementation will have "split > > > brain" > > > > > issue > > > > > > > > when > > > > > > > > > network partition happens, which will cause inconsistent > > > metadata > > > > > > > > returned > > > > > > > > > from the controller. > > > > > > > > > Filed KAFKA-15489 < > > > > > https://issues.apache.org/jira/browse/KAFKA-15489> > > > > > > > > for > > > > > > > > > this issue, and PR > > > > > > > > > <https://github.com/apache/kafka/pull/14428> > > > is > > > > > > > ready > > > > > > > > > for review. > > > > > > > > > > > > > > > > > > Even though this is not a regression issue (this has already > > > > > existed > > > > > > > > since > > > > > > > > > the 1st release of KRaft feature), I think this is an > > > > > > > > > important > > > > > issue > > > > > > > > since > > > > > > > > > KRaft is announced production ready. > > > > > > > > > Not sure what other people's thoughts are. > > > > > > > > > > > > > > > > > > Thank you. > > > > > > > > > Luke > > > > > > > > > > > > > > > > > > On Thu, Sep 21, 2023 at 6:33 PM Josep Prat > > > > > <josep.p...@aiven.io.invalid > > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > Hi Satish, > > > > > > > > > > > > > > > > > > > > I ran the following validation steps: > > > > > > > > > > - Built from source with Java 11 and Scala 2.13 > > > > > > > > > > - Verified Signatures and hashes of the artifacts generated > > > > > > > > > > - Navigated through Javadoc including links to JDK classes > > > > > > > > > > - Run the unit tests > > > > > > > > > > - Run integration tests > > > > > > > > > > - Run the quickstart in KRaft and Zookeeper mode > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I +1 this release (non-binding) > > > > > > > > > > > > > > > > > > > > Thanks for your efforts! > > > > > > > > > > > > > > > > > > > > On Thu, Sep 21, 2023 at 2:59 AM Satish Duggana < > > > > > > > > satish.dugg...@gmail.com> > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > Thanks Greg for verifying the release including the > > > > > > > > > > > earlier > > > > > > > > > > > blocker(KAFKA-15473) verification. > > > > > > > > > > > > > > > > > > > > > > ~Satish. > > > > > > > > > > > > > > > > > > > > > > On Wed, 20 Sept 2023 at 22:30, Greg Harris > > > > > > > > <greg.har...@aiven.io.invalid > > > > > > > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > Hi all, > > > > > > > > > > > > > > > > > > > > > > > > I verified the functionality of KIP-898 and the recent > > > fix > > > > > for > > > > > > > > > > > > KAFKA-15473 with the following steps: > > > > > > > > > > > > > > > > > > > > > > > > 1. I started a 3.5.1 broker, and a 3.5.1 worker with > > > > > > > > > > > > most > > > > > (>400) > > > > > > > > > > > > publicly available plugins installed > > > > > > > > > > > > 2. I captured the output of /connector-plugins > > > > > > > > > > > > 3. I upgraded the worker to 3.6.0-rc1 > > > > > > > > > > > > 4. I captured the output of /connector-plugins with > > > various > > > > > > > > settings > > > > > > > > > > > > of plugin.discovery > > > > > > > > > > > > 5. I ran the migration script to add manifests to my > > > plugins > > > > > > > > > > > > 6. I captured the output of /connector-plugins with > > > various > > > > > > > > settings > > > > > > > > > > > > of plugin.discovery > > > > > > > > > > > > 7. I downgraded the worker to 3.5.1 > > > > > > > > > > > > 8. I diffed the output of /connector-plugins across the > > > > > different > > > > > > > > > > > > cases and observed the expected changes. > > > > > > > > > > > > a. When plugins are migrated for 3.6.0, all modes > > > produce > > > > > > > > identical > > > > > > > > > > > > results. > > > > > > > > > > > > b. When plugins are not migrated for 3.6.0, > > > only_scan and > > > > > > > > > > > > hybrid_warn produce identical results, hybrid_fail > > > crashes, > > > > > and > > > > > > > > > > > > service_load is missing plugins > > > > > > > > > > > > c. When upgrading from 3.5.1 I see that plugins with > > > > > invalid > > > > > > > > > > > > constructors are hidden, AK plugins now have versions, > > > > > > > > multi-interface > > > > > > > > > > > > plugins now show each interface type, and plugins using > > > > > > > > AppInfoParser > > > > > > > > > > > > change versions. > > > > > > > > > > > > d. The startup logs now include descriptive errors > > > for > > > > > > > invalid > > > > > > > > > > > > plugins that otherwise would have been thrown at runtime > > > > > > > > > > > > d. The fix for KAFKA-15473 prevents duplicates > > > > > > > > > > > > e. The output for 3.5.1 after downgrading is > > > identical to > > > > > > > > before. > > > > > > > > > > > > > > > > > > > > > > > > +1 (non-binding) > > > > > > > > > > > > > > > > > > > > > > > > Thanks Satish for running the release! > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Sep 20, 2023 at 8:36 AM Divij Vaidya < > > > > > div...@apache.org> > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > Hey Satish > > > > > > > > > > > > > > > > > > > > > > > > > > My comments about documentation misses from RC0 vote > > > > > thread [1] > > > > > > > > are > > > > > > > > > > > > > still not addressed (such as missing metric > > > documentation, > > > > > > > > formatting > > > > > > > > > > > > > problems etc). Could you please mention why we > > > shouldn't > > > > > > > consider > > > > > > > > > > them > > > > > > > > > > > > > as blockers to make RC1 as the final release? > > > > > > > > > > > > > > > > > > > > > > > > > > [1] > > > > > > > > https://lists.apache.org/thread/cokoxzd0jtgjtrlxoq7kkzmvpm75381t > > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Sep 20, 2023 at 4:53 PM Satish Duggana < > > > > > > > > > > > satish.dugg...@gmail.com> > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > Hello Kafka users, developers and client-developers, > > > > > > > > > > > > > > > > > > > > > > > > > > > > This is the second candidate for the release of > > > Apache > > > > > Kafka > > > > > > > > 3.6.0. > > > > > > > > > > > > Some of the major features include: > > > > > > > > > > > > > > > > > > > > > > > > > > > > * KIP-405 : Kafka Tiered Storage > > > > > > > > > > > > > > * KIP-868 : KRaft Metadata Transactions > > > > > > > > > > > > > > * KIP-875: First-class offsets support in Kafka > > > Connect > > > > > > > > > > > > > > * KIP-898: Modernize Connect plugin discovery > > > > > > > > > > > > > > * KIP-938: Add more metrics for measuring KRaft > > > > > performance > > > > > > > > > > > > > > * KIP-902: Upgrade Zookeeper to 3.8.1 > > > > > > > > > > > > > > * KIP-917: Additional custom metadata for remote log > > > > > segment > > > > > > > > > > > > > > > > > > > > > > > > > > > > Release notes for the 3.6.0 release: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://home.apache.org/~satishd/kafka-3.6.0-rc1/RELEASE_NOTES.html > > > > > > > > > > > > > > > > > > > > > > > > > > > > *** Please download, test and vote by Saturday, > > > > > September 23, > > > > > > > > 8am > > > > > > > > > > PT > > > > > > > > > > > > > > > > > > > > > > > > > > > > Kafka's KEYS file containing PGP keys we use to sign > > > the > > > > > > > > release: > > > > > > > > > > > > > > https://kafka.apache.org/KEYS > > > > > > > > > > > > > > > > > > > > > > > > > > > > * Release artifacts to be voted upon (source and > > > binary): > > > > > > > > > > > > > > https://home.apache.org/~satishd/kafka-3.6.0-rc1/ > > > > > > > > > > > > > > > > > > > > > > > > > > > > * Maven artifacts to be voted upon: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://repository.apache.org/content/groups/staging/org/apache/kafka/ > > > > > > > > > > > > > > > > > > > > > > > > > > > > * Javadoc: > > > > > > > > > > > > > > > > > > > https://home.apache.org/~satishd/kafka-3.6.0-rc1/javadoc/ > > > > > > > > > > > > > > > > > > > > > > > > > > > > * Tag to be voted upon (off 3.6 branch) is the 3.6.0 > > > tag: > > > > > > > > > > > > > > > > > https://github.com/apache/kafka/releases/tag/3.6.0-rc1 > > > > > > > > > > > > > > > > > > > > > > > > > > > > * Documentation: > > > > > > > > > > > > > > https://kafka.apache.org/36/documentation.html > > > > > > > > > > > > > > > > > > > > > > > > > > > > * Protocol: > > > > > > > > > > > > > > https://kafka.apache.org/36/protocol.html > > > > > > > > > > > > > > > > > > > > > > > > > > > > * Successful Jenkins builds for the 3.6 branch: > > > > > > > > > > > > > > There are a few runs of unit/integration tests. You > > > can > > > > > see > > > > > > > the > > > > > > > > > > > latest > > > > > > > > > > > > at > > > https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.6/. > > > > > We > > > > > > > > will > > > > > > > > > > > > continue running a few more iterations. > > > > > > > > > > > > > > System tests: > > > > > > > > > > > > > > We will send an update once we have the results. > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > Satish. > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > > > You received this message because you are subscribed > > > to > > > > > the > > > > > > > > Google > > > > > > > > > > > > Groups "kafka-clients" group. > > > > > > > > > > > > > > To unsubscribe from this group and stop receiving > > > emails > > > > > from > > > > > > > > it, > > > > > > > > > > > send > > > > > > > > > > > > an email to kafka-clients+unsubscr...@googlegroups.com. > > > > > > > > > > > > > > To view this discussion on the web visit > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://groups.google.com/d/msgid/kafka-clients/CAM-aUZ%3DuJ-SKeVFtBZwBjhLHKw4CbxF_ws%2BvQqaymGHFsC%2Bmdg%40mail.gmail.com > > > > > > > > > > > > . > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > [image: Aiven] <https://www.aiven.io> > > > > > > > > > > > > > > > > > > > > *Josep Prat* > > > > > > > > > > Open Source Engineering Director, *Aiven* > > > > > > > > > > josep.p...@aiven.io | +491715557497 > > > > > > > > > > aiven.io <https://www.aiven.io> | < > > > > > > > > https://www.facebook.com/aivencloud > > > > > > > > > > > > > > > > > > > > > <https://www.linkedin.com/company/aiven/> < > > > > > > > > > > https://twitter.com/aiven_io> > > > > > > > > > > *Aiven Deutschland GmbH* > > > > > > > > > > Alexanderufer 3-7, 10117 Berlin > > > > > > > > > > Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen > > > > > > > > > > Amtsgericht Charlottenburg, HRB 209739 B > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >