Hi, I've cherry-picked the missing change for AVRO-4053 (doc consistency in velocity templates), and created a new RC.
I'd like to propose to release this RC1 as the official Apache Avro 1.11.5 release. The commit id is https://github.com/apache/avro/commit/257db287e4cf3f3831013780e709226d4aa188d9 This corresponds to the tag: release-1.11.5-rc1: https://github.com/apache/avro/tree/release-1.11.5-RC1 The release tarball, signature, and checksums are here (revision r79245): https://dist.apache.org/repos/dist/dev/avro/avro-1.11.5-RC1/ The Maven artefacts are staged here: https://repository.apache.org/content/repositories/orgapacheavro-1045/ You can find the KEYS file here: https://dist.apache.org/repos/dist/release/avro/KEYS This release includes the following security fixes: * Prevent class with empty Java package being trusted by SpecificDatumReader (#3311) * Remove the default serializable packages and deprecated the property to introduce org.apache.avro.SERIALIZABLE_CLASSES instead (#3376) * java-[key-]class allowed packages must be packages (#3453) * doc consistency in velocity templates (#3150) Did I leave anything important out? Please download, verify, and test. This vote will remain open for at least 72 hours. [ ] +1 Release this as Apache Avro 1.11.5 [ ] 0 [ ] -1 Do not release this because... Kind regards, Oscar On Wed, 10 Sept 2025 at 16:32, Oscar Westra van Holthe - Kind < [email protected]> wrote: > Hi, > > I'm adjusting my vote to -1, don't release, because we should include the > change for AVRO-4053 (doc consistency in velocity templates). > > I'll create a new RC shortly. > > > Kind regards, > Oscar > > > On Tue, 9 Sept 2025 at 10:06, Nándor Kollár <[email protected]> wrote: > >> +1 >> >> On 2025/09/07 18:05:18 Martin Grigorov wrote: >> > +1 to release >> > >> > On Sat, 6 Sep 2025 at 0:19, Oscar Westra van Holthe - Kind < >> > [email protected]> wrote: >> > >> > > And a +1 from me >> > > >> > > We need only one more vote... >> > > >> > > >> > > Kind regards, >> > > Oscar >> > > >> > > On Wed, 3 Sept 2025 at 22:38, Driesprong, Fokko <[email protected] >> > >> > > wrote: >> > > >> > > > Hi Oscar, >> > > > >> > > > Thanks for running the release. This slipped through the cracks of >> my >> > > > mailbox. >> > > > >> > > > +1 from my end >> > > > >> > > > Kind regards, >> > > > Fokko >> > > > >> > > > Op wo 20 aug 2025 om 22:38 schreef Oscar Westra van Holthe - Kind < >> > > > [email protected]>: >> > > > >> > > > > Hi everyone, >> > > > > >> > > > > It took a bit longer than anticipated (learning about Perl builds, >> > > among >> > > > > other things), but I've created a RC0 of Avro 1.11.5. >> > > > > I'd like to propose to release this RC0 as the official Apache >> Avro >> > > > 1.11.5 >> > > > > release. >> > > > > >> > > > > The commit id is >> > > > > >> > > > > >> > > > >> > > >> https://github.com/apache/avro/commit/a0d0130aea75b8319f251c3805f18a1776efa563 >> > > > > This corresponds to the tag: release-1.11.5-rc0: >> > > > > https://github.com/apache/avro/tree/release-1.11.5-RC0 >> > > > > >> > > > > The release tarball, signature, and checksums are here (revision >> > > r78771): >> > > > > https://dist.apache.org/repos/dist/dev/avro/avro-1.11.5-RC0/ >> > > > > The Maven artefacts are staged here: >> > > > > >> > > > > >> > > > >> > > >> https://repository.apache.org/content/repositories/orgapacheavro-1042/org/apache/avro/ >> > > > > >> > > > > You can find the KEYS file here: >> > > > > https://dist.apache.org/repos/dist/release/avro/KEYS >> > > > > >> > > > > This release includes the following security fixes: >> > > > > * Prevent class with empty Java package being trusted by >> > > > > SpecificDatumReader (#3311) >> > > > > * Remove the default serializable packages and deprecated the >> property >> > > to >> > > > > introduce org.apache.avro.SERIALIZABLE_CLASSES instead (#3376) >> > > > > * java-[key-]class allowed packages must be packages (#3453) >> > > > > >> > > > > Did I leave anything important out? >> > > > > >> > > > > >> > > > > Please download, verify, and test. This vote will remain open for >> at >> > > > least >> > > > > 72 hours. >> > > > > >> > > > > [ ] +1 Release this as Apache Avro 1.11.5 >> > > > > [ ] 0 >> > > > > [ ] -1 Do not release this because... >> > > > > >> > > > > >> > > > > Kind regards, >> > > > > Oscar >> > > > > >> > > > > -- >> > > > > ✉️ Oscar Westra van Holthe - Kind <[email protected]> >> > > > > 🌐 https://github.com/opwvhk/ >> > > > > >> > > > >> > > >> > > >> > > -- >> > > >> > > ✉️ Oscar Westra van Holthe - Kind <[email protected]>🌐 >> > > https://github.com/opwvhk/ >> > > >> > >> > > > -- > > ✉️ Oscar Westra van Holthe - Kind <[email protected]> > > -- ✉️ Oscar Westra van Holthe - Kind <[email protected]>🌐 https://github.com/opwvhk/
