updates.. I am still waiting for CI on this Netty TCNative upgrade, that has a CVE report https://github.com/apache/zookeeper/pull/1810
it also needs a reviewer please Enrico Il giorno lun 31 gen 2022 alle ore 11:33 Enrico Olivelli <eolive...@gmail.com> ha scritto: > > Andor, > sorry, I misunderstood your question. > > Yes, we must name it 3.8.0 due to Lockback > > Enrico > > Il giorno lun 31 gen 2022 alle ore 11:24 Enrico Olivelli > <eolive...@gmail.com> ha scritto: > > > > Il giorno lun 31 gen 2022 alle ore 10:49 Andor Molnar > > <an...@apache.org> ha scritto: > > > > > > What’s the reason for cutting a new minor release? > > > The logback migration? > > > > > > 3.7 only has a single patch release so far: 3.7.0 > > > > > > Isn’t that too early? > > > > for 3.7.1 we have to merge the upgrades of the libraries with CVEs, like > > Netty > > and also we have the fix for the k8s users with NettyServerConnection > > factory, that is a blocker for people on k8s > > > > > > > > Andor > > > > > > > > > > > > > > > > On 2022. Jan 28., at 16:28, Enrico Olivelli <eolive...@gmail.com> wrote: > > > > > > > > Sure. > > > > > > > > Il giorno ven 28 gen 2022 alle ore 14:19 Szalay-Bekő Máté > > > > <szalay.beko.m...@gmail.com> ha scritto: > > > >> > > > >> Great news, thanks for the work, Enrico!! > > > >> > > > >> I think we should wait for > > > >> https://github.com/apache/zookeeper/pull/1807 ( > > > >> https://issues.apache.org/jira/browse/ZOOKEEPER-4461) so that we can > > > >> eliminate all references for log4j1 from our pom.xml files. What do > > > >> you think? > > > > > > > > good catch > > > > > > > > the patch looks good, let's commit it as soon as CI passes > > > > > > > > Enrico > > > > > > > >> > > > >> Regards, > > > >> Máté > > > >> > > > >> > > > >> On Fri, Jan 28, 2022 at 5:24 AM Chris Nauroth <cnaur...@gmail.com> > > > >> wrote: > > > >> > > > >>> +1 > > > >>> > > > >>> Thanks for driving this, Enrico! > > > >>> > > > >>> Chris Nauroth > > > >>> > > > >>> > > > >>> On Thu, Jan 27, 2022 at 7:08 AM Enrico Olivelli <eolive...@gmail.com> > > > >>> wrote: > > > >>> > > > >>>> Hello ZooKeepers, > > > >>>> I believe that the master branch is in good shape. > > > >>>> > > > >>>> I would like to start the release procedure for 3.8.0. > > > >>>> > > > >>>> This is the list of issues for 3.8.0 > > > >>>> > > > >>>> > > > >>> https://issues.apache.org/jira/issues/?jql=project%20%3D%20ZOOKEEPER%20AND%20fixVersion%20%3D%203.8.0 > > > >>>> > > > >>>> We recently addressed all of the CVEs by updating some key > > > >>>> dependencies, like Netty, and moving away from Log4j1 (we switched to > > > >>>> LogBack) > > > >>>> > > > >>>> If no one has objections I will start the release procedure on Monday > > > >>>> > > > >>>> Regards > > > >>>> > > > >>>> Enrico > > > >>>> > > > >>> > > >
