+1 Verified…
- checksums, signature, - unit tests - 3-node cluster smoke tests. Andor > On 2019. Oct 9., at 22:40, Enrico Olivelli <[email protected]> wrote: > > Il mer 9 ott 2019, 21:14 Patrick Hunt <[email protected]> ha scritto: > >> +1 checksums/sig validated. rat ran clean and I was able to build and >> exercise the code just fine with java 8. >> >> Note dep check is failing again however: >> >> jackson-databind-2.9.10.jar >> (pkg:maven/com.fasterxml.jackson.core/[email protected], >> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*, >> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) : >> CVE-2019-16942, CVE-2019-16943 >> >> I looked at the issue and they seem very specific, given that and the >> status of databind these days I think we should get this one next time >> around vs re-re... spinning the rc. What do you think? >> > > Agreed. > And as we are doing a very limited use of Jackson we can look for a > replacement > > Enrico > >> >> Patrick >> >> >> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli <[email protected]> >> wrote: >> >>> This is a bugfix release candidate for 3.5.6. >>> >>> It fixes 29 issues, including upgrade of third party libraries, >>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4 >>> and better procedure for the upgrade of servers from 3.4 to 3.5. >>> >>> The full release notes is available at: >>> >>> >>> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12345243 >>> >>> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0. *** >>> >>> Source files: >>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4 >>> >>> Maven staging repo: >>> >> https://repository.apache.org/content/repositories/orgapachezookeeper-1044 >>> >>> The release candidate tag in git to be voted upon: release-3.5.6-rc4 >>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4 >>> >>> ZooKeeper's KEYS file containing PGP keys we use to sign the release: >>> https://www.apache.org/dist/zookeeper/KEYS >>> >>> Should we release this candidate? >>> >>> Enrico Olivelli
