Max, with no doubt we should not release 2.11.1 with known CVE.
вс, 19 дек. 2021 г. в 21:24, Maxim Muzafarov :
> Ivan,
>
> I suppose the next 2.11.2 version should be released. Currently, from
> my point of view, it's a bit strange releasing 2.11.1 with a known
> CVE. It doesn't take too much
Ivan,
I suppose the next 2.11.2 version should be released. Currently, from
my point of view, it's a bit strange releasing 2.11.1 with a known
CVE. It doesn't take too much time to prepare a new RC.
Folks,
I've merged to the master branch the issue [1] which upgrades
dependency to 2.17.0 and
Haha, it becomes funny :) What if another vulnerability will be discovered
a few days later?
сб, 18 дек. 2021 г. в 18:04, Maxim Muzafarov :
> Folks,
>
>
> I've found that LOG4J2 2.17.0 version is released [1]. According to
> the description and risk mitigation [2] it is recommended the version
>
Folks,
I've found that LOG4J2 2.17.0 version is released [1]. According to
the description and risk mitigation [2] it is recommended the version
update. Since the release has not happened yet I think it is possible
to update the dependency in the 2.11.1 release too.
WDYT?
[1]
I've dropped GitBox in favour of GitHub — the build [1] has started.
[1]
https://ci.ignite.apache.org/buildConfiguration/Releases_ApacheIgniteMain_ReleaseBuild/6329862
> On 17 Dec 2021, at 13:24, Maxim Muzafarov wrote:
>
> Petr,
>
> Thank you.
>
> Yes, I've added changes related to the new
Petr,
Thank you.
Yes, I've added changes related to the new release build actions
(IGNITE-15678, IGNITE-15677). The ignite-2.12 branch seems to be
working fine, however, at the ignite-2.11.1 the error with "too many
requests" appears from time to time. Here is an example of such a
build [1].
Concerning Too many requests error, I see the following problem:
Your request has been rate limited, as we have detected excessive usage from
your IP or net block:
15.575 SECONDS OF TIME SPENT OVER 120 SECONDS, MAX ALLOWED IS 15.
Rate-limits are automatic and reset every two minutes.
If you
Permissions updated.
> On 17 Dec 2021, at 13:09, Petr Ivanov wrote:
>
> Could you please add links to builds that are malfunctioning?
> As much as I see here [1] and here [2] — the release build changed to comply
> with 2.12 changes that are not merged to 2.11.1
>
>
> [1]
>
Could you please add links to builds that are malfunctioning?
As much as I see here [1] and here [2] — the release build changed to comply
with 2.12 changes that are not merged to 2.11.1
[1]
https://ci.ignite.apache.org/buildConfiguration/Releases_ApacheIgniteMain_ReleaseBuild/6329822
[2]
Hello Petr,
Can you please assist with configuring the Release Teamcity suite that
has been changed for 2.x a month ago? These changes haven't been
discussed on the dev-list, so I'm not familiar with them.
I've faced several issues:
- the default role for Apache Ignite 2.x (Release) suite is
Hi Maxim,
Thanks a lot!
> Check the following links below.
Looks good to me.
чт, 16 дек. 2021 г. в 20:19, Maxim Muzafarov :
> Folks,
>
>
> I'm OK with this. Let's go through the fastest way we have.
>
>
> Check the following links below. I'll prepare the vote shortly.
>
> Compare branches
Folks,
I'm OK with this. Let's go through the fastest way we have.
Check the following links below. I'll prepare the vote shortly.
Compare branches 2.11 and 2.11.1:
https://github.com/apache/ignite/compare/ignite-2.11...ignite-2.11.1
The release branch:
Hello!
I also agree with Stephen. If we wanted to do a stabilization release we
should unbound it from this urgent fix.
I wonder why 2.12 is not with us already, given that it was scheduled to go
out in August.
Regards,
--
Ilya Kasnacheev
чт, 16 дек. 2021 г. в 19:25, Вячеслав Коптилин :
>
Hello,
> Given that 2.12 is so close, my preference would be to limit the scope of
2.11.1 to just the log4j update.
I agree with Stephen. Apache Ignite 2.11.1 is an emergency release. Using
log4j 2.16 instead of 2.14 is a quite small change that only requires a
"sanity" check and can be quickly
I think it is completely possible to move vote/release dates
significantly forward with keeping the scope. I will take a look at
the list of fixed bugs more narrowly and exclude some of them that
require additional verification.
On Thu, 16 Dec 2021 at 15:55, Stephen Darlington
wrote:
>
> Given
Folks,
This is also a good candidate to include in the proposed release.
AssertionError in B+Tree under load
https://issues.apache.org/jira/browse/IGNITE-15990
On Thu, 16 Dec 2021 at 15:54, Pavel Tupitsyn wrote:
>
> Maxim,
>
> Thanks for taking this, scope looks good to me.
> I think we can
Given that 2.12 is so close, my preference would be to limit the scope of
2.11.1 to just the log4j update. Would that help bring the vote/release date
forward?
> On 16 Dec 2021, at 12:44, Maxim Muzafarov wrote:
>
> Dear Ignite Community!
>
> I suggest preparing the Apache Ignite 2.11.1
Maxim,
Thanks for taking this, scope looks good to me.
I think we can even start the vote today or tomorrow, given the severity of
log4j issue.
Pavel
On Thu, Dec 16, 2021 at 3:44 PM Maxim Muzafarov wrote:
> Dear Ignite Community!
>
> I suggest preparing the Apache Ignite 2.11.1 release and I
Dear Ignite Community!
I suggest preparing the Apache Ignite 2.11.1 release and I want to
propose myself to be the release manager of the minor release.
* RELEASE TIMELINE *
Scope Freeze: December 16, 2021
Code Freeze: December 16, 2021
Voting Date: December 21, 2021
Release Date: December 24,
19 matches
Mail list logo