The JUnit patch has been merged a couple of days ago, I do not see any other open pull requests labeled with security. I also ran the dependency check report too and since the report is quite big, I've uploaded it to Google drive, and made it available at the following location: https://drive.google.com/file/d/1xzt0WMWG2hGxRyllcyaxz5TYKWOKA_Gd/view?usp=sharing . There are a couple of critical issues related to Hadoop and Hive, but also for Jetty. I can pull requests for the Hadoop and Jetty ones, the Hive seems quite new and to be fixed in Hive 4.0
On Mon, May 24, 2021 at 2:30 PM Laurent Goujon <[email protected]> wrote: > I might be able to help on the JUnit and CVE patches too too > > On Mon, May 24, 2021 at 2:29 PM Laurent Goujon <[email protected]> wrote: > >> Ok, I was hoping that some of the PRs could be merged, but if we are in >> agreement, let's start the work :) >> >> On Sun, May 23, 2021 at 6:52 PM luoc <[email protected]> wrote: >> >>> Hi Charles, >>> All right, we'll be expecting the update. >>> >>> > 2021年5月24日 上午12:13,Charles Givre <[email protected]> 写道: >>> > >>> > Hi Luoc, >>> > We still have a few PRs pending that we really should get into Drill >>> 1.19. The main one is the junit upgrade. There are a few critical CVEs >>> associated with that, so I do think it is important to get that one >>> merged. I think Vitalii will have that one done in short order. >>> > Best, >>> > -- C >>> > >>> > >>> > >>> >> On May 22, 2021, at 5:16 AM, luoc <[email protected]> wrote: >>> >> >>> >> Hi Laurent, >>> >> It’s time to do a release with 1.19.0. >>> >> >>> >>> 2021年5月19日 上午2:20,Vitalii Diravka <[email protected]> 写道: >>> >>> >>> >>> Hi Laurent, >>> >>> DRILL-7871 requires additional time to be introduced and it is >>> better to >>> >>> include it for the next release. >>> >>> DRILL-7904 is updated, I think it will be merged in a few days. But >>> it >>> >>> doesn't matter whether it is included in this release or in the next >>> one. >>> >>> >>> >>> So we can plan to start the release process >>> >>> >>> >>> >>> >>> Kind regards >>> >>> Vitalii >>> >>> >>> >>> >>> >>> On Tue, May 11, 2021 at 7:52 PM Laurent Goujon <[email protected]> >>> wrote: >>> >>> >>> >>>> Thanks Vitalii >>> >>>> >>> >>>> On Tue, May 11, 2021 at 9:29 AM Vitalii Diravka <[email protected] >>> > >>> >>>> wrote: >>> >>>> >>> >>>>> Hi Luoc! >>> >>>>> >>> >>>>> They are almost ready. I plan to update PR for them today. >>> >>>>> >>> >>>>> Kind regards >>> >>>>> Vitalii >>> >>>>> >>> >>>>> >>> >>>>> On Sat, May 8, 2021 at 5:26 PM luoc <[email protected]> wrote: >>> >>>>> >>> >>>>>> Hi Vitalii, >>> >>>>>> Would you mind sharing that... Is DRILL-7904 ready to review >>> again? >>> >>>>> And what’s >>> >>>>>> the status on the DRILL-7871? thanks >>> >>>>>> >>> >>>>>> 2021年5月4日 下午1:10,Ted Dunning <[email protected]> 写道: >>> >>>>>> >>> >>>>>> Laurent, >>> >>>>>> >>> >>>>>> I don't have a stake here, so can't really comment about >>> specifics, but >>> >>>>> the >>> >>>>>> process is looking good. >>> >>>>>> >>> >>>>>> >>> >>>>>> >>> >>>>>> On Mon, May 3, 2021 at 9:23 PM Laurent Goujon <[email protected] >>> > >>> >>>>> wrote: >>> >>>>>> >>> >>>>>> Thanks for all the answers >>> >>>>>> >>> >>>>>> So the issues I found based on the feedback are: >>> >>>>>> >>> >>>>>> - DRILL-7878: Fix LGTM Alerts >>> >>>>>> <https://issues.apache.org/jira/browse/DRILL-7878> >>> >>>>>> - DRILL-7871: StoragePluginStore instances for different users >>> >>>>>> <https://issues.apache.org/jira/browse/DRILL-7871> >>> >>>>>> - DRILL-7908: Fix GitHub Actions CI >>> >>>>>> <https://issues.apache.org/jira/browse/DRILL-7908> >>> >>>>>> - DRILL-7904: Update to 30-jre Guava version >>> >>>>>> <https://issues.apache.org/jira/browse/DRILL-7904> >>> >>>>>> - DRILL-7826: Merge Pcap and Pcapng format plugin based on EVF >>> >>>>>> <https://issues.apache.org/jira/browse/DRILL-7826> >>> >>>>>> - DRILL-7828: Refactor Pcap and Pcapng format plugin >>> >>>>>> <https://issues.apache.org/jira/browse/DRILL-7828> >>> >>>>>> - DRILL-7910: Bumps commons-io from 2.4 to 2.7 >>> >>>>>> <https://issues.apache.org/jira/browse/DRILL-7910> >>> >>>>>> - DRILL-7901: Bump junit from 4.12 to 4.13.1 >>> >>>>>> <https://issues.apache.org/jira/browse/DRILL-7901> >>> >>>>>> >>> >>>>>> I wanted to propose Monday May 10th to do the first release >>> candidate, >>> >>>>> but >>> >>>>>> I have some concerns about some of the changes which may not be >>> ready >>> >>>> by >>> >>>>>> then considering they seem to involve some level of effort and >>> are in >>> >>>>> very >>> >>>>>> early stage: The LGTM alert changes and the StoragePluginStore >>> model >>> >>>>>> change. JUnit version update might also become quite a large >>> change if >>> >>>>>> instead of moving to 4.13.1, Drill is switching to JUnit5. >>> >>>>>> >>> >>>>>> What do people think? >>> >>>>>> >>> >>>>>> On Sat, Apr 24, 2021 at 1:00 PM Vitalii Diravka < >>> [email protected]> >>> >>>>>> wrote: >>> >>>>>> >>> >>>>>> Hi Laurent, >>> >>>>>> >>> >>>>>> I want to include: >>> >>>>>> DRILL-7871 <https://issues.apache.org/jira/browse/DRILL-7871> >>> >>>> (preparing >>> >>>>>> PR) >>> >>>>>> DRILL-7908 <https://issues.apache.org/jira/browse/DRILL-7908> >>> >>>> (preparing >>> >>>>>> PR) >>> >>>>>> DRILL-7904 <https://issues.apache.org/jira/browse/DRILL-7904> >>> (PR is >>> >>>>>> opened, in review) >>> >>>>>> DRILL-7828 <https://issues.apache.org/jira/browse/DRILL-7828> >>> (PR is >>> >>>>>> opened, review is almost completed) >>> >>>>>> >>> >>>>>> All these tasks are expected to be completed in a week >>> >>>>>> >>> >>>>>> Kind regards >>> >>>>>> Vitalii >>> >>>>>> >>> >>>>>> >>> >>>>>> On Fri, Apr 23, 2021 at 9:25 PM Charles Givre <[email protected]> >>> >>>> wrote: >>> >>>>>> >>> >>>>>> Hi Laurent, >>> >>>>>> We have a few PRs pending which I'd like to see in the next >>> version >>> >>>>>> >>> >>>>>> which >>> >>>>>> >>> >>>>>> are: >>> >>>>>> 1. The update(s) and bug fixes to the Mongo plugin. >>> >>>>>> 2. There is an extended PR for bug fixes which clean up a lot of >>> >>>>>> >>> >>>>>> alerts >>> >>>>>> >>> >>>>>> generated by LGTM >>> >>>>>> 3. There are a few other library updates which are pending. >>> >>>>>> 4. We have some work which changes the access model around >>> storage >>> >>>>>> plugins which would be good for this release >>> >>>>>> 5. The PCAP/PCAP-NG consolidation is awaiting review. >>> >>>>>> >>> >>>>>> I think that's it. >>> >>>>>> -- C >>> >>>>>> >>> >>>>>> On Apr 22, 2021, at 12:33 PM, Laurent Goujon <[email protected]> >>> >>>>>> >>> >>>>>> wrote: >>> >>>>>> >>> >>>>>> >>> >>>>>> Hello everyone, >>> >>>>>> >>> >>>>>> It has been more than 6 months since the last release, and I >>> believe >>> >>>>>> >>> >>>>>> this >>> >>>>>> >>> >>>>>> would be a good time to discuss the next one. >>> >>>>>> >>> >>>>>> As mentioned in a previous email thread, I am volunteering to be >>> the >>> >>>>>> release manager, and I'm looking forward working with the whole >>> >>>>>> >>> >>>>>> community >>> >>>>>> >>> >>>>>> to make another great release. >>> >>>>>> >>> >>>>>> We have around 80 changes in master since the last release, and >>> there >>> >>>>>> >>> >>>>>> are >>> >>>>>> >>> >>>>>> several changes open for review too. It would be nice if people >>> could >>> >>>>>> >>> >>>>>> reply >>> >>>>>> >>> >>>>>> to this email and share issues which should be part of that >>> release, >>> >>>>>> >>> >>>>>> so >>> >>>>>> >>> >>>>>> we >>> >>>>>> >>> >>>>>> can decide on an initial cut-off date. >>> >>>>>> >>> >>>>>> Thanks in advance, >>> >>>>>> >>> >>>>>> Laurent >>> >>>>>> >>> >>>>>> >>> >>>>>> >>> >>>>>> >>> >>>>>> >>> >>>>>> >>> >>>>>> >>> >>>>> >>> >>>> >>> >> >>> >>>
