+1 (binding) - Verified checksums, signatures, licence files - Built on Ubuntu with JDK11, all tests passed (I used surefire-forkcount=1) - Run smoke tests on the binaries produced by building the source package
Good job, thank you Mohammad Enrico Il giorno lun 2 mag 2022 alle ore 14:14 Szalay-Bekő Máté <szalay.beko.m...@gmail.com> ha scritto: > > +1 (binding) > > - I built the source code (-Pfull-build) on Ubuntu 18.04.6 using OpenJDK > 11.0.14.1 and maven 3.6.0. > - all the unit tests passed eventually (both Java and C-client). > - I also built and executed unit tests for zkpython > - checkstyle and spotbugs passed > - apache-rat passed > - owasp (CVE check) passed (with some false-positives, see ZOOKEEPER-4510) > - fatjar built > - I executed quick rolling-upgrade smoke tests (using > https://github.com/symat/zk-rolling-upgrade-test): > - rolling upgrade from 3.5.9 to 3.7.1 > - rolling upgrade from 3.6.3 to 3.7.1 > - rolling upgrade from 3.7.0 to 3.7.1 > - rolling upgrade from 3.7.1 to 3.8.0 > > Few minor issues, none of them blocker in my opinion: > - some false positive CVE problems (followed in > https://issues.apache.org/jira/browse/ZOOKEEPER-4510) > - some unit tests failed for me the first time, but succeeded when I run > them one-by-one: > - org.apache.zookeeper.ZKUtilTest > - org.apache.zookeeper.server.ZooKeeperServerMainTest > - org.apache.zookeeper.server.quorum.QuorumPeerMainMultiAddressTest > - org.apache.zookeeper.server.quorum.QuorumPeerMainTest > - org.apache.zookeeper.server.quorum.Zab1_0Test > - org.apache.zookeeper.server.util.JvmPauseMonitorTest > - org.apache.zookeeper.server.util.RequestPathMetricsCollectorTest > - some C unit tests failed also on my docker environment (these run > successfully on CI, so I assume it is only a problem on my docker setup): > - Zookeeper_readOnly::testReadOnly (only on the multi-threaded C-client > test suite) > - Zookeeper_readOnly::testReadOnlyWithSSL (only on the multi-threaded > C-client test suite) > > Thanks for your work preparing the RC! > > Kind regards, > Máté > > On Fri, Apr 29, 2022 at 4:03 PM Christopher <ctubb...@apache.org> wrote: > > > FWIW, this is already being tracked on > > https://issues.apache.org/jira/browse/ZOOKEEPER-4510 > > It's a false positive. I don't think it should hold up a vote. > > > > On Fri, Apr 29, 2022 at 7:40 AM Szalay-Bekő Máté > > <szalay.beko.m...@gmail.com> wrote: > > > > > > Hello Mohammad, > > > > > > Thanks for the RC! I'm still testing it (so no vote just yet), but I > > found > > > some CVE errors reported. The command "mvn clean package -DskipTests > > > dependency-check:check" failed with: > > > > > > [ERROR] One or more dependencies were identified with vulnerabilities > > that > > > have a CVSS score greater than or equal to '0.0': > > > [ERROR] > > > [ERROR] reload4j-1.2.19.jar: CVE-2020-9493, CVE-2022-23307 > > > [ERROR] > > > [ERROR] See the dependency-check report for more details. > > > > > > I think this is a dependency-check plugin error and not an actual > > security > > > problem. At least I don't see Apache Chainsaw in our dependency tree, I > > > don't know why maven dependency-check reports this. Anyway, it would be > > > good if someone else can take a look too. > > > > > > Best regards, > > > Máté > > > > > > On Mon, Apr 25, 2022 at 3:25 AM Mohammad Arshad <ars...@apache.org> > > wrote: > > > > > > > This is a bug fix release candidate for 3.7.1. It contains 61 fixes. > > > > > > > > The full release notes is available at: > > > > > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350030 > > > > > > > > *** Please download, test and vote by Sunday, 01 May, 2022, 23:59 > > UTC+0. > > > > *** > > > > > > > > Source files: > > > > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.7.1-rc0/ > > > > > > > > Maven staging repo: > > > > > > https://repository.apache.org/content/repositories/orgapachezookeeper-1075 > > > > > > > > The release candidate tag in git to be voted upon: release-3.7.1-0 > > > > https://github.com/apache/zookeeper/tree/release-3.7.1-0 > > > > > > > > ZooKeeper's KEYS file containing PGP keys we use to sign the release: > > > > https://www.apache.org/dist/zookeeper/KEYS > > > > > > > > The staging version of the website is: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.7.1-rc0/website/index.html > > > > > > > > > > > > Should we release this candidate? > > > > > > > > > > > > -Arshad > > > > > >