Hi Ismael, As far as I can tell, Kafka is not using the jackson-databind API that had the issue. If this is fine, I'll mark this vote as passed and I'll continue the release process. Thanks
On Tue, Jan 5, 2021 at 4:27 PM Ismael Juma <ism...@juma.me.uk> wrote: > > Hi Mickael, > > Does that CVE even affect Kafka? Not sure if we gain much by delaying the > release even longer. People who really care about the CVE can also use > 2.7.0. > > Ismael > > On Tue, Jan 5, 2021 at 8:12 AM Mickael Maison <mimai...@apache.org> wrote: > > > Hi, > > > > Thanks for the votes. However, I'm going to build a new RC to pick the > > commit [1] that addresses CVE-2020-25649. > > > > 1: > > https://github.com/apache/kafka/commit/101ba2844f92451f633d11fd2ad3813f15d4a4f3 > > > > So closing this vote, I'll open a new one soon > > > > On Fri, Dec 18, 2020 at 4:45 AM Ismael Juma <ism...@juma.me.uk> wrote: > > > > > > Looks like you have your votes Mickael. :) > > > > > > Ismael > > > > > > On Fri, Dec 11, 2020 at 7:23 AM Mickael Maison <mimai...@apache.org> > > wrote: > > >> > > >> Hello Kafka users, developers and client-developers, > > >> > > >> This is the fourth candidate for release of Apache Kafka 2.6.1. > > >> > > >> Since RC2, the following JIRAs have been fixed: KAFKA-10811, KAFKA-10802 > > >> > > >> Release notes for the 2.6.1 release: > > >> https://home.apache.org/~mimaison/kafka-2.6.1-rc3/RELEASE_NOTES.html > > >> > > >> *** Please download, test and vote by Friday, December 18, 12 PM ET *** > > >> > > >> Kafka's KEYS file containing PGP keys we use to sign the release: > > >> https://kafka.apache.org/KEYS > > >> > > >> * Release artifacts to be voted upon (source and binary): > > >> https://home.apache.org/~mimaison/kafka-2.6.1-rc3/ > > >> > > >> * Maven artifacts to be voted upon: > > >> https://repository.apache.org/content/groups/staging/org/apache/kafka/ > > >> > > >> * Javadoc: > > >> https://home.apache.org/~mimaison/kafka-2.6.1-rc3/javadoc/ > > >> > > >> * Tag to be voted upon (off 2.6 branch) is the 2.6.1 tag: > > >> https://github.com/apache/kafka/releases/tag/2.6.1-rc3 > > >> > > >> * Documentation: > > >> https://kafka.apache.org/26/documentation.html > > >> > > >> * Protocol: > > >> https://kafka.apache.org/26/protocol.html > > >> > > >> * Successful Jenkins builds for the 2.6 branch: > > >> Unit/integration tests: > > >> https://ci-builds.apache.org/job/Kafka/job/kafka-2.6-jdk8/62/ > > >> > > >> /************************************** > > >> > > >> Thanks, > > >> Mickael > > > > > > -- > > > You received this message because you are subscribed to the Google > > Groups "kafka-clients" group. > > > To unsubscribe from this group and stop receiving emails from it, send > > an email to kafka-clients+unsubscr...@googlegroups.com. > > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/kafka-clients/CAD5tkZYn43BkKArgdL2jJn00a5Suf_89NG4n3-OpqMvKARPNNQ%40mail.gmail.com > > . > >
