Tentatively planning to build the RC1 on 9th January night or 10th January morning (India time). Thanks, Ishan
On Wed, Jan 8, 2020 at 7:09 PM Ishan Chattopadhyaya <[email protected]> wrote: > > I'm waiting for SOLR-14158 to be merged and will build the RC1. If > there are any fixes that should be backported, in your best judgement, > please feel free to port them to the branch_8_4 and let me know. > Thanks and regards, > Ishan > > On Mon, Jan 6, 2020 at 8:17 PM Ishan Chattopadhyaya > <[email protected]> wrote: > > > > Thanks Jan. I'll volunteer! > > I'd like to include SOLR-14158. It is a security issue. TLDR for that > > issue: if someone uses package manager and has ZK exposed to external > > traffic (by mistake or via a breach of outer perimeter), then RCE is > > possible on all Solr nodes since trusted keys are kept in ZK. We have > > documented that users mustn't expose ZK when using the package > > manager, but we feel we should do better and plug that hole. The > > proposed change in the issue is to store keys in filesystem, which is > > more secure than storing in ZK. > > > > On Mon, Jan 6, 2020 at 8:02 PM Jan Høydahl <[email protected]> wrote: > > > > > > I’m calling off the 8.4.1 bugfix release for now. So feel free to grab > > > the RM chair if you have any other urgent itches to scrach :) > > > > > > Jan > > > > > > > 6. jan. 2020 kl. 09:36 skrev Jan Høydahl <[email protected]>: > > > > > > > > Regarding 8.4.1 release, there won’t be an RC today. > > > > > > > > If setting SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false proves a viable > > > > workaorund short term I may not push for an 8.4.1 at all. > > > > So feel free to continue discussion on whether there are other bugs > > > > that warrant an 8.4.1 releaes… > > > > > > > > Jan > > > > > > > >> 3. jan. 2020 kl. 14:57 skrev Jan Høydahl <[email protected]>: > > > >> > > > >> Happy new year! > > > >> > > > >> I have merged these two fixes into branch_8_4 > > > >> > > > >> * SOLR-14106: Cleanup Jetty SslContextFactory usage (Ryan Rockenbaugh, > > > >> Jan Hoydahl, Kevin Risden) > > > >> * SOLR-14109: Always log to stdout from > > > >> server/scripts/cloud-scripts/zkcli.{bat|sh} (janhoy) > > > >> > > > >> Still planning to roll a first RC for 8.4.1 release on Monday, so make > > > >> sure to get your important JIRAs in by then. > > > >> > > > >> Jan > > > >> > > > >>> 30. des. 2019 kl. 13:14 skrev Jan Høydahl <[email protected]>: > > > >>> > > > >>> Hi > > > >>> > > > >>> I propose a quick 8.4.1 bugfix release and I volunteer as RM. > > > >>> > > > >>> I plan to build RC1 on Monday January 6th, one week from now. > > > >>> > > > >>> Feel free to merge bug fixes to branch_8_4, just drop a word here. > > > >>> As usual, do NOT merge features or large changes that risk the > > > >>> stability of the release. > > > >>> Minor fixes to documentation, build system etc won’t need a mention > > > >>> in CHANGES, unless you want to give credit to a contributor. > > > >>> > > > >>> Please leave branch_8_4 Jenkins jobs running. > > > >>> > > > >>> -- > > > >>> Jan Høydahl, Apache Lucene committer > > > >>> [email protected] > > > >>> > > > >> > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
