Hi Craig, It's already committed: https://github.com/apache/zookeeper/commit/59337e7ec8ab67fecf7cfc1b8c5b76397c02bfd6
Sorry I'm running a bit late with the release, I got a flu or some virus last week, wasn't too productive. Anyway, I did some testing, and SSL tests seems a bit flaky, they almost constantly kept failing. Reducing fork count helped a bit, first to 4 then to 1. Still was a bit flaky, the truth to be told the machine had some loads and the problem was server not coming up in time. But after killing the load it still happened. On my MacOS unit tests run without a problem with the default 8 surefire core. Turns out the SSL tests are also failing while building with the docker image, I just talked to Máté about this. Oh, it's both 3.5 and master branch. I'll dig into this a little before continuing. Regards, Norbert On Sat, Feb 1, 2020 at 1:01 PM Enrico Olivelli <eolive...@gmail.com> wrote: > Il Ven 31 Gen 2020, 16:16 Craig.Condit <craig.con...@target.com> ha > scritto: > > > Would it be possible to get ZOOKEEPER-3638 included in 3.5.7 as well? > > I thought it already went in > > we really must include it. > > Enrico > > The version of Jetty included in 3.5.6 breaks the admin server. We have > > been running a backport of 3638 (which just upgrades to a later version) > > successfully on 3.5.6 here without issue. > > > > Thanks, > > > > Craig Condit > > > > > > ________________________________ > > From: Norbert Kalmar <nkal...@cloudera.com.INVALID> > > Sent: Thursday, January 30, 2020 3:06 PM > > To: DevZooKeeper <dev@zookeeper.apache.org> > > Subject: [EXTERNAL] Re: 3.5.7 > > > > Hi all, > > > > Just a heads up. > > > > All patch that we wanted (as far as I'm aware, let me know if you miss > > something) for the 3.5.7 release has been committed to branch 3.5. Mainly > > this was: > > - ZOOKEEPER-3701 (split brain) > > - ZOOKEEPER-3482 (some SASL stuff) > > - ZOOKEEPER-3699 (fix CVE about Jackson) > > > > And a few other nice to haves (like ZOOKEEPER-1105 C client WARN msg fix) > > that also made it. > > > > I started testing the 3.5 branch and I will create a release branch soon > > (probably tomorrow). > > > > Regards, > > Norbert > > > > On Mon, Jan 27, 2020 at 11:30 AM Norbert Kalmar <nkal...@cloudera.com> > > wrote: > > > > > Only blocker left for 3.5.7 is ZOOKEEPER-3701, patch available here: > > > https://github.com/apache/zookeeper/pull/1233 > > > > > > I'll wait another 0.5-1 day if anyone wants to take a look at it. Then > > > I'll commit and start the 3.5.7 release process. > > > > > > Thanks, > > > Norbert > > > > > > On Thu, Jan 23, 2020 at 11:29 AM Norbert Kalmar <nkal...@cloudera.com> > > > wrote: > > > > > >> The patch fixed the CVE warning > > >> https://builds.apache.org/job/zookeeper-master-maven-owasp/339/ > > >> > > >> Norbert > > >> > > >> On Thu, Jan 23, 2020 at 11:07 AM Norbert Kalmar <nkal...@cloudera.com > > > > >> wrote: > > >> > > >>> Thanks Patrick, I'll review and preferably commit your patch, which > > >>> should negate the CVE warning. > > >>> > > >>> Regards, > > >>> Norbert > > >>> > > >>> On Wed, Jan 22, 2020 at 5:31 PM Patrick Hunt <ph...@apache.org> > wrote: > > >>> > > >>>> owasp is failing on branch-3.5, > > >>>> [ERROR] jackson-databind-2.9.10.1.jar: CVE-2019-20330 > > >>>> > > >>>> seems the same as: > > >>>> https://issues.apache.org/jira/browse/ZOOKEEPER-3699 > > >>>> > > >>>> Patrick > > >>>> > > >>>> On Wed, Jan 22, 2020 at 5:12 AM Ivan Kelly <iv...@apache.org> > wrote: > > >>>> > > >>>> > > Would you have time for a quick fix ? > > >>>> > > > >>>> > The measures to avoid the problem are listed at the end of the > JIRA > > >>>> > description. I can't submit a PR until I get permission from my > > >>>> > company legal to push to ZK. > > >>>> > > > >>>> > -Ivan > > >>>> > > > >>>> > > >>> > > >
