Hello Mohammad, Thanks for the RC! I'm still testing it (so no vote just yet), but I found some CVE errors reported. The command "mvn clean package -DskipTests dependency-check:check" failed with:
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0': [ERROR] [ERROR] reload4j-1.2.19.jar: CVE-2020-9493, CVE-2022-23307 [ERROR] [ERROR] See the dependency-check report for more details. I think this is a dependency-check plugin error and not an actual security problem. At least I don't see Apache Chainsaw in our dependency tree, I don't know why maven dependency-check reports this. Anyway, it would be good if someone else can take a look too. Best regards, Máté On Mon, Apr 25, 2022 at 3:25 AM Mohammad Arshad <ars...@apache.org> wrote: > This is a bug fix release candidate for 3.7.1. It contains 61 fixes. > > The full release notes is available at: > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350030 > > *** Please download, test and vote by Sunday, 01 May, 2022, 23:59 UTC+0. > *** > > Source files: > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.7.1-rc0/ > > Maven staging repo: > https://repository.apache.org/content/repositories/orgapachezookeeper-1075 > > The release candidate tag in git to be voted upon: release-3.7.1-0 > https://github.com/apache/zookeeper/tree/release-3.7.1-0 > > ZooKeeper's KEYS file containing PGP keys we use to sign the release: > https://www.apache.org/dist/zookeeper/KEYS > > The staging version of the website is: > > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.7.1-rc0/website/index.html > > > Should we release this candidate? > > > -Arshad >
