Heya, I’m extremely sorry for bringing this up this late. When we geared up for the 2.0 release, we missed one option that we wanted to add since the 1.x days: making /_all_dbs an admin-only resource by default.
We missed the 2.0.0 Breaking Change window for that, but added an disabled- by-default option for this since: https://github.com/apache/couchdb/blob/3.0.x/rel/overlay/etc/default.ini#L139 In the light of having a “secure by default” focus for this release, I would like to propose that we flip this config option to `true` by default and mark this as a Breaking Change. I’m sorry this would mean another RC. At least it’ll be a small patch. Best Jan “Columbo: Just one more thing” Lehnardt — > On 18. Feb 2020, at 21:08, Joan Touzet <woh...@apache.org> wrote: > > Dear community, > > I would like to propose that we release Apache CouchDB 3.0.0. > > Changes since last time: > > https://github.com/apache/couchdb/compare/3.0.0-RC1...3.0.0-RC2 > > Candidate release notes: > > https://docs.couchdb.org/en/latest/whatsnew/3.0.html > > We encourage the whole community to download and test these release artefacts > so that any critical issues can be resolved before the release is made. > Everyone is free to vote on this release, so dig right in! (Only PMC members > have binding votes, but they depend on community feedback to gauge if an > official release is ready to be made.) > > The release artefacts we are voting on are available here: > > https://dist.apache.org/repos/dist/dev/couchdb/source/3.0.0/rc.2 > > There, you will find a tarball, a GPG signature, and SHA256/SHA512 checksums. > > Please follow the test procedure here: > > https://cwiki.apache.org/confluence/display/COUCHDB/Testing+a+Source+Release > > Please remember that "RC2" is an annotation. If the vote passes, these > artefacts will be released as Apache CouchDB 3.0.0. > > Please cast your votes now. > > Thanks, > Joan "twice in a lifetime" Touzet
