I am cancelling this vote.

Stay tuned for rc2

Enrico

Il Lun 3 Feb 2020, 23:38 Patrick Hunt <phu...@gmail.com> ha scritto:

> On Mon, Feb 3, 2020 at 2:27 PM Enrico Olivelli <eolive...@gmail.com>
> wrote:
>
> > Il Lun 3 Feb 2020, 21:22 Patrick Hunt <ph...@apache.org> ha scritto:
> >
> > > Enrico, while what you are saying is true, and sounds reasonable wrt
> this
> > > release, keep in mind that often for our users ZK is not an end in and
> of
> > > itself - it's combined with other capabilities/components. As such
> those
> > > components may use related functionality which is impacted - providing
> > > support for third parties with clear bill of health can be important.
> > > Another aspect is that many companies have broad rules about not using
> > code
> > > with known problems. I see this quite a bit where libraries with known
> > > issues are not allowed to production regardless statements such as "we
> > are
> > > not affected" as a matter of policy.
> > >
> >
> > Can you please send a patch for the upgrade? Please remember to update
> the
> > license stuff. If you don't have time I will take care of it within the
> end
> > of this week.
> >
>
> Sure, i can do that.
>
> Patrick
>
>
> >
> > I am cancelling this vote now.
> >
> > We can include Jordan's patch and Mate's fix for tests as well.
> >
> > The next RC will include those patches and Netty upgrade, I don't expect
> > regressions that can be shown by unit tests.
> >
> > Enrico
> >
> >
> > > Regards,
> > >
> > > Patrick
> > >
> > > On Mon, Feb 3, 2020 at 12:10 PM Enrico Olivelli <eolive...@gmail.com>
> > > wrote:
> > >
> > > > Patrick
> > > > We are not affected by that issue
> > > > https://nvd.nist.gov/vuln/detail/CVE-2019-20445
> > > > It is about HTTP.
> > > >
> > > > As Netty is a core dependency and in my experience sometimes it
> > > introduces
> > > > regressions I feel it is safer to not upgrade for 3.6.0.
> > > > We can upgrade it on master branch.
> > > >
> > > > Enrico
> > > >
> > > > Il Lun 3 Feb 2020, 20:06 Patrick Hunt <ph...@apache.org> ha scritto:
> > > >
> > > > > FYI owasp jenkins job is failing due to netty CVE:
> > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-3716
> > > > >
> > > > > Patrick
> > > > >
> > > > > On Mon, Feb 3, 2020 at 8:12 AM Enrico Olivelli <
> eolive...@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Il Lun 3 Feb 2020, 16:23 Norbert Kalmar
> > <nkal...@cloudera.com.invalid
> > > >
> > > > > ha
> > > > > > scritto:
> > > > > >
> > > > > > > Máté's patch fixed it for me. I don't know if this is a blocker
> > for
> > > > > 3.6.0
> > > > > > > rc1
> > > > > >
> > > > > >
> > > > > > I don't think it is a blocker.
> > > > > > It is not a regression
> > > > > >
> > > > > > Enrico
> > > > > >
> > > > > > , but since 3.5.7 is not even branched yet, I'll wait for this
> > patch
> > > to
> > > > > > > make it there.
> > > > > > >
> > > > > > > Thanks Máté, good catch!
> > > > > > >
> > > > > > > Regards,
> > > > > > > Norbert
> > > > > > >
> > > > > > > On Mon, Feb 3, 2020 at 2:02 PM Szalay-Bekő Máté <
> > > > > > > szalay.beko.m...@gmail.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > I created
> https://issues.apache.org/jira/browse/ZOOKEEPER-3715
> > > and
> > > > > > > started
> > > > > > > > to work on it
> > > > > > > >
> > > > > > > > On Mon, Feb 3, 2020 at 1:12 PM Szalay-Bekő Máté <
> > > > > > > > szalay.beko.m...@gmail.com>
> > > > > > > > wrote:
> > > > > > > >
> > > > > > > > > (FYI: I tried a few more versions, the problem seems to
> > appear
> > > > > > between
> > > > > > > > > OpenJDK 8.232 and 8.242. And there are a lot of kerberos
> > > related
> > > > > > > changes
> > > > > > > > > after 8.232: see
> https://hg.openjdk.java.net/jdk8u/jdk8u/jdk
> > )
> > > > > > > > >
> > > > > > > > > On Mon, Feb 3, 2020 at 12:54 PM Norbert Kalmar
> > > > > > > > > <nkal...@cloudera.com.invalid> wrote:
> > > > > > > > >
> > > > > > > > >> I tested with zulu 1.8.212 on the linux machine, and with
> > zulu
> > > > > > > 1.8.0_163
> > > > > > > > >> on
> > > > > > > > >> MacOS (whoops). I use sdkman on both machine. I upgraded
> to
> > > the
> > > > > > newest
> > > > > > > > 1.8
> > > > > > > > >> which is _242, at least with sdkman.
> > > > > > > > >> And sadly, the mentioned tests also fail for me after the
> > > > upgrade.
> > > > > > > > >>
> > > > > > > > >> So, something in the tests that the new versions of java
> > > doesn't
> > > > > > like
> > > > > > > :(
> > > > > > > > >>
> > > > > > > > >> I'm not sure either if it's a showstopper or not. But
> > possibly
> > > > > this
> > > > > > > > could
> > > > > > > > >> come out when using kerberized ZK? Unfortunately kind of
> > hard
> > > to
> > > > > > test
> > > > > > > > >> "live".
> > > > > > > > >>
> > > > > > > > >> Regards,
> > > > > > > > >> Norbert
> > > > > > > > >>
> > > > > > > > >> On Mon, Feb 3, 2020 at 12:38 PM Szalay-Bekő Máté <
> > > > > > > > >> szalay.beko.m...@gmail.com>
> > > > > > > > >> wrote:
> > > > > > > > >>
> > > > > > > > >> > - I compiled and run all the unit tests using Ubuntu
> 18.04
> > > > > (incl.
> > > > > > > the
> > > > > > > > C
> > > > > > > > >> > client), using OpenJDK 1.8.212
> > > > > > > > >> > - I also built and unit tested the python client
> > > > > > > > >> > - I did some manual tests for the multi-address feature
> > with
> > > > > > > multiple
> > > > > > > > >> > virtual networks (using
> > > > > > > > https://github.com/symat/zookeeper-docker-test)
> > > > > > > > >> >
> > > > > > > > >> > everything seemed to be OK, however...
> > > > > > > > >> >
> > > > > > > > >> > using OpenJDK 1.8.242 or OpenJDK 11.0.6, I got some
> > kerberos
> > > > > > related
> > > > > > > > >> > exceptions when running the following tests:
> > > > > > > > >> > - QuorumKerberosAuthTest
> > > > > > > > >> > - QuorumKerberosHostBasedAuthTest
> > > > > > > > >> > - SaslKerberosAuthOverSSLTest
> > > > > > > > >> >
> > > > > > > > >> > the error:
> > > > > > > > >> > 2020-02-03 12:11:07,197 [myid:localhost:11223] - ERROR
> > > > > > > > >> >
> [main-SendThread(localhost:11223):ZooKeeperSaslClient@336
> > ]
> > > -
> > > > An
> > > > > > > > error:
> > > > > > > > >> > (java.security.PrivilegedActionException:
> > > > > > > > >> > javax.security.sasl.SaslException: GSS initiate failed
> > > [Caused
> > > > > by
> > > > > > > > >> > GSSException: No valid credentials provided (Mechanism
> > > level:
> > > > > null
> > > > > > > > >> > (5001))]) occurred when evaluating Zookeeper Quorum
> > Member's
> > > > > > > received
> > > > > > > > >> SASL
> > > > > > > > >> > token. Zookeeper Client will go to AUTH_FAILED state.
> > > > > > > > >> >
> > > > > > > > >> > I tried it with Zulu 11.0.3 version and OpenJDK 11.0.2
> > > version
> > > > > and
> > > > > > > > both
> > > > > > > > >> > were working fine. So it looks there might some
> > > > incompatibility
> > > > > > with
> > > > > > > > the
> > > > > > > > >> > more recent JDK releases. (between 1.8.212 - 1.8.242,
> and
> > > also
> > > > > > > between
> > > > > > > > >> > 11.0.3 and 11.0.6)
> > > > > > > > >> >
> > > > > > > > >> > I also tested on OpenJDK 13.ea.30 and that worked.
> > > > > > > > >> >
> > > > > > > > >> > I am not sure if it is a -1 or not... clearly these are
> > some
> > > > > test
> > > > > > > and
> > > > > > > > >> JDK
> > > > > > > > >> > related issues. Also it can be only some strange thing
> > with
> > > my
> > > > > > > > >> environment.
> > > > > > > > >> > Can someone try to reproduce my problem?
> > > > > > > > >> >
> > > > > > > > >> >
> > > > > > > > >> > Cheers,
> > > > > > > > >> > Mate
> > > > > > > > >> >
> > > > > > > > >> > On Mon, Feb 3, 2020 at 4:31 AM Jordan Zimmerman <
> > > > > > > > >> > jor...@jordanzimmerman.com>
> > > > > > > > >> > wrote:
> > > > > > > > >> >
> > > > > > > > >> > > No big issues with Curator that I could find
> > > > > > > > >> > >
> > > > > > > > >> > > +1 (non binding)
> > > > > > > > >> > >
> > > > > > > > >> > > -Jordan
> > > > > > > > >> > >
> > > > > > > > >> > > > On Feb 1, 2020, at 10:02 AM, Enrico Olivelli <
> > > > > > > eolive...@gmail.com
> > > > > > > > >
> > > > > > > > >> > > wrote:
> > > > > > > > >> > > >
> > > > > > > > >> > > > This is the second release candidate for Apache
> > > ZooKeeper
> > > > > > 3.6.0.
> > > > > > > > >> > > >
> > > > > > > > >> > > > It is a major release and it introduces a lot of new
> > > > > features,
> > > > > > > > most
> > > > > > > > >> > > notably:
> > > > > > > > >> > > > - Built-in data consistency check inside ZooKeeper
> > > > > > > > >> > > > - Allow Followers to host Observers
> > > > > > > > >> > > > - Authentication enforcement
> > > > > > > > >> > > > - Pluggable metrics system for ZooKeeper (and
> > > > Prometheus.io
> > > > > > > > >> > integration)
> > > > > > > > >> > > > - TLS Port unification
> > > > > > > > >> > > > - Audit logging in ZooKeeper servers
> > > > > > > > >> > > > - Improve resilience to network (advertise multiple
> > > > > addresses
> > > > > > > for
> > > > > > > > >> > > > members of a Zookeeper cluster)
> > > > > > > > >> > > > - Persistent Recursive Watches
> > > > > > > > >> > > > - add an API and the corresponding CLI to get total
> > > count
> > > > of
> > > > > > > > >> recursive
> > > > > > > > >> > > > sub nodes under a specific path
> > > > > > > > >> > > >
> > > > > > > > >> > > > The full release notes is available at:
> > > > > > > > >> > > >
> > > > > > > > >> > > >
> > > > > > > > >> > >
> > > > > > > > >> >
> > > > > > > > >>
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12326518
> > > > > > > > >> > > >
> > > > > > > > >> > > > *** Please download, test and vote by February 4th
> > 2020,
> > > > > 23:59
> > > > > > > > >> UTC+0.
> > > > > > > > >> > ***
> > > > > > > > >> > > >
> > > > > > > > >> > > > Source files:
> > > > > > > > >> > > >
> > > > > > >
> > https://people.apache.org/~eolivelli/zookeeper-3.6.0-candidate-1/
> > > > > > > > >> > > >
> > > > > > > > >> > > > Maven staging repo:
> > > > > > > > >> > >
> > > > > > > > >> >
> > > > > > > > >>
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://repository.apache.org/content/repositories/orgapachezookeeper-1047/
> > > > > > > > >> > > >
> > > > > > > > >> > > > The staging version of the website is:
> > > > > > > > >> > > >
> > > > > > > > >> > >
> > > > > > > > >> >
> > > > > > > > >>
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://people.apache.org/~eolivelli/zookeeper-3.6.0-candidate-1/website/
> > > > > > > > >> > > >
> > > > > > > > >> > > > The release candidate tag in git to be voted upon:
> > > > > > > release-3.6.0-1
> > > > > > > > >> > > >
> > > https://github.com/apache/zookeeper/tree/release-3.6.0-1
> > > > > > > > >> > > >
> > > > > > > > >> > > > ZooKeeper's KEYS file containing PGP keys we use to
> > sign
> > > > the
> > > > > > > > >> release:
> > > > > > > > >> > > > https://www.apache.org/dist/zookeeper/KEYS
> > > > > > > > >> > > >
> > > > > > > > >> > > > Please note that we are adding a new jar to the
> > > dependency
> > > > > set
> > > > > > > for
> > > > > > > > >> > > > clients: zookeeper-metrics-providers.
> > > > > > > > >> > > >
> > > > > > > > >> > > > Should we release this candidate?
> > > > > > > > >> > > >
> > > > > > > > >> > > > Enrico Olivelli
> > > > > > > > >> > >
> > > > > > > > >> > >
> > > > > > > > >> >
> > > > > > > > >>
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>

Reply via email to