-1; security concern: permissions removed from user roles (e.g. "portal") will be silently re-added to those roles on upgrade, escalating privileges. This hasn't been a problem in earlier releases because 7.x was the first release to contain actual constraints based on Permissions.
On Tue, Oct 3, 2023 at 10:54 AM R S <rs...@apache.org> wrote: > Hello All, > > I've prepared a release for 8.0.0-RC3. Changes since RELEASE-8.0.0-RC2: > > https://github.com/apache/trafficcontrol/compare/v8.0.0-rc2...v8.0.0-rc3 > > > https://github.com/apache/trafficcontrol/blob/RELEASE-8.0.0-RC3/CHANGELOG.md > > The artifacts are available for download at: > https://dist.apache.org/repos/dist/dev/trafficcontrol/8.0.0/RC3/ > > BLAKE2 checksum: > > > e8e8abe66471b6b1839d53b07de41fcfe43185b00562b405b8a5c5f54329f7c6279032e6ad052fa3ccc346561a88f1b4de50cfed7e663aa7205c31923d2be9c5 > > SHA512 checksum: > > 66b03fa49ab8e15bb1a933a9712c81b67c0f13f6412ac8ca6b95a9dc89be33b79707ed6a487aa2ea3af01967195b4012a85b6ae3b3f1f12c2a96f6d2f279e0d6 > > This corresponds to git refs: > > Hash:cedcd2c033ef8cde189b54c47ff59bbeed1be976 > Tag: RELEASE-8.0.0-RC3 > > Which can be verified with the following command: > > $ git tag -v RELEASE-8.0.0-RC3 > > All code signing keys are available here: > > https://dist.apache.org/repos/dist/release/trafficcontrol/KEYS > > Make sure you refresh from a key server to get all relevant signatures. > > The vote is open until 22:00 UTC on Friday, October 6 and passes if a > majority of at least 3 +1 PMC votes are cast. > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Thanks! > Rima Shah > > rs...@apache.org >
