Re: 3.5.7

Thu, 30 Jan 2020 14:32:17 -0800 

Awesome

Thank

Enrico

Il Gio 30 Gen 2020, 22:07 Norbert Kalmar <nkal...@cloudera.com.invalid> ha
scritto:

> Hi all,
>
> Just a heads up.
>
> All patch that we wanted (as far as I'm aware, let me know if you miss
> something) for the 3.5.7 release has been committed to branch 3.5. Mainly
> this was:
> - ZOOKEEPER-3701 (split brain)
> - ZOOKEEPER-3482 (some SASL stuff)
> - ZOOKEEPER-3699 (fix CVE about Jackson)
>
> And a few other nice to haves (like ZOOKEEPER-1105 C client WARN msg fix)
> that also made it.
>
> I started testing the 3.5 branch and I will create a release branch soon
> (probably tomorrow).
>
> Regards,
> Norbert
>
> On Mon, Jan 27, 2020 at 11:30 AM Norbert Kalmar <nkal...@cloudera.com>
> wrote:
>
> > Only blocker left for 3.5.7 is ZOOKEEPER-3701, patch available here:
> > https://github.com/apache/zookeeper/pull/1233
> >
> > I'll wait another 0.5-1 day if anyone wants to take a look at it. Then
> > I'll commit and start the 3.5.7 release process.
> >
> > Thanks,
> > Norbert
> >
> > On Thu, Jan 23, 2020 at 11:29 AM Norbert Kalmar <nkal...@cloudera.com>
> > wrote:
> >
> >> The patch fixed the CVE warning
> >> https://builds.apache.org/job/zookeeper-master-maven-owasp/339/
> >>
> >> Norbert
> >>
> >> On Thu, Jan 23, 2020 at 11:07 AM Norbert Kalmar <nkal...@cloudera.com>
> >> wrote:
> >>
> >>> Thanks Patrick, I'll review and preferably commit your patch, which
> >>> should negate the CVE warning.
> >>>
> >>> Regards,
> >>> Norbert
> >>>
> >>> On Wed, Jan 22, 2020 at 5:31 PM Patrick Hunt <ph...@apache.org> wrote:
> >>>
> >>>> owasp is failing on branch-3.5,
> >>>> [ERROR] jackson-databind-2.9.10.1.jar: CVE-2019-20330
> >>>>
> >>>> seems the same as:
> >>>> https://issues.apache.org/jira/browse/ZOOKEEPER-3699
> >>>>
> >>>> Patrick
> >>>>
> >>>> On Wed, Jan 22, 2020 at 5:12 AM Ivan Kelly <iv...@apache.org> wrote:
> >>>>
> >>>> > > Would you have time for a quick fix ?
> >>>> >
> >>>> > The measures to avoid the problem are listed at the end of the JIRA
> >>>> > description. I can't submit a PR until I get permission from my
> >>>> > company legal to push to ZK.
> >>>> >
> >>>> > -Ivan
> >>>> >
> >>>>
> >>>
>

Reply via email to