Could you include this fix (https://github.com/apache/pulsar-client-go/pull/1155), which fixes a CVE?
Thanks, Yunze On Wed, Jan 10, 2024 at 3:21 PM Zike Yang <z...@apache.org> wrote: > > Hi everyone, > Please review and vote on the release candidate #1 for the version > 0.12.0, as follows: > [ ] +1, Approve the release > [ ] -1, Do not approve the release (please provide specific comments) > > This is the first release candidate for Apache Pulsar Go client, version > 0.12.0. > > The release note/changelog for Go client 0.12.0: > https://github.com/apache/pulsar-client-go/pull/1153/files > > Pulsar Client Go's KEYS file contains PGP keys we used to sign this release: > https://downloads.apache.org/pulsar/KEYS > > Please download these packages and review this release candidate: > - Review release notes: https://github.com/apache/pulsar-client-go/pull/1153 > - Download the source package (verify shasum, and asc) and follow the > README.md to build and run the pulsar-client-go. > > The vote will be open for at least 72 hours. It is adopted by majority > approval, with at least 3 PMC affirmative votes. > > Source file: > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-go-0.12.0-candidate-1/ > > The tag to be voted upon: > v0.12.0-candidate-1 > https://github.com/apache/pulsar-client-go/tree/v0.12.0-candidate-1 > > SHA-512 checksums: > a32e1072646a13aa54f983f0d3fce9c1917773fcb261d3431e2ecf1bac519cf50d3e8c3479f527e3ec8fb69518e987f25f1e3b9eae6736739aaea77941766304 > apache-pulsar-client-go-0.12.0-src.tar.gz
