[ANNOUNCE] Apache ZooKeeper 3.8.1 released

[Enrico Olivelli]

The Apache ZooKeeper team is proud to announce Apache ZooKeeper version 3.8.1

ZooKeeper is a high-performance coordination service for distributed
applications. It exposes common services - such as naming,
configuration management, synchronization, and group services - in a
simple interface so you don't have to write them from scratch. You can
use it off-the-shelf to implement consensus, group management, leader
election, and presence protocols. And you can build on it for your
own, specific needs.

For ZooKeeper release details and downloads, visit:
https://zookeeper.apache.org/releases.html

ZooKeeper 3.8.1 Release Notes are at:
https://zookeeper.apache.org/doc/r3.8.1/releasenotes.html

We would like to thank the contributors that made the release possible.

Regards,

The ZooKeeper Team

CVE-2022-32531: Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification

[Enrico Olivelli]

Severity: Moderate

Description:

The Apache Bookkeeper Java Client (up to 4.14.5 and also 4.15.0) does
not close the connection to the
bookkeeper server when TLS hostname verification fails. This leaves
the bookkeeper client vulnerable to a man in the middle attack.

The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.

Solution:

Upgrade to 4.14.6 or to 4.15.1

References:

https://bookkeeper.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-32531

[ANNOUNCE] Apache Curator 5.4.0 released

[Enrico Olivelli]

Hello,

The Apache Curator team is pleased to announce the release of version 5.4.0.
Apache  Curator is a Java/JVM client  library for Apache ZooKeeper[1],
a distributed  coordination service.
Apache Curator includes a high-level API framework and utilities to
make using Apache ZooKeeper much easier and more reliable.
It also includes recipes for common use cases and extensions such as
service discovery and a Java 8 asynchronous DSL.
For more details, please visit the project website: https://curator.apache.org/

The download page for Apache Curator is here:
https://curator.apache.org/releases.html

The binary artifacts for Curator are available from Maven Central and
its mirrors.

For general information on Apache Curator, please visit the project website:
https://curator.apache.org


Release Notes - Apache Curator - Version 5.4.0

** Wish
* [CURATOR-596] - Upgrade ZooKeeper to 3.7.1

** Bug
* [CURATOR-578] - EnsembleTracker replace hostname connectString
with wrong ip from zk config
* [CURATOR-597] - Background exception was not retry-able or retry gave up
* [CURATOR-638] - Curator disconnect from zookeeper when IPs change
* [CURATOR-644] - CLONE - Race conditions in LeaderLatch after
reconnecting to ensemble
* [CURATOR-645] - LeaderLatch generates infinite loop with two
LeaderLatch instances competing for the leadership
* [CURATOR-648] - CuratorFramework#blockUntilConnected does now
wait forever if waitTime <= 0
* [CURATOR-649] - Background exception was not retry-able or retry gave up


** Improvement
* [CURATOR-458] - Fix Schema constructor validation logic
* [CURATOR-587] - Use ZooKeeper 3.7+ ZooKeeperServerEmbedded in
order to start TestingServer
* [CURATOR-642] - Upgrade Guava to 31.1
* [CURATOR-646] - Fix RAT failure reports and add a CI task to
prevent regression

** Task
* [CURATOR-524] - Apache is asking us to review our build files
and make sure we're using https for all URLs.
* [CURATOR-653] - Double leader for LeaderLatch


Regards,

The Curator Team

[1] Apache ZooKeeper https://zookeeper.apache.org/

[ANNOUNCE] Apache Curator 5.2.1 released

[Enrico Olivelli]

Hello,

The Apache Curator  team is pleased to announce the  release of version
5.2.1.

Apache  Curator is a Java/JVM client library for Apache ZooKeeper[1], a
distributed coordination service.

Apache Curator includes a  high-level API framework and utilities to  make
using Apache ZooKeeper much easier and more reliable.

It also includes recipes for common use cases and extensions such as
service discovery and a Java 8 asynchronous DSL.

For more details, please visit the project website:
https://curator.apache.org/


The download page for Apache Curator is here:
https://cwiki.apache.org/confluence/display/CURATOR/Releases


The binary artifacts for Curator are available from Maven Central and its
mirrors.

For general information on Apache Curator, please visit the project website:

https://curator.apache.org

Release 5.2.1 is a bugfix release that follows up release 5.2.0, users of
5.1.0 and 5.2.0 are encouraged to upgrade to pick up bug fixes and new
functionality.

Release Notes - Apache Curator - Version 5.2.1

** Bug
* [CURATOR-561] - Race condition preventing reconnection
* [CURATOR-606] - ModeledFrameworkImpl.update() ignores version
for uncompressed data
* [CURATOR-607] - Method getLockPath of InterProcessReadWriteLock
locks is not exposed for use in transactions
* [CURATOR-608] - ZPath resolved state documentation improvements

** Improvement
* [CURATOR-610] - Refactor CountCuratorWatcher in
TestWatcherIdentity.java to improve test logic
* [CURATOR-619] - Replace OutstandingOps with JDK bundled Phaser

** Task
* [CURATOR-625] - Fix "Cannot find a single highest directory for
this project set. First two candidates directories don't share a
common root" build error

Regards,
The Curator Team


[1] Apache ZooKeeper https://zookeeper.apache.org/

[ANNOUNCE] Apache ZooKeeper 3.8.0

[Enrico Olivelli]

The Apache ZooKeeper team is proud to announce Apache ZooKeeper version 3.8.0

ZooKeeper is a high-performance coordination service for distributed
applications. It exposes common services - such as naming,
configuration management, synchronization, and group services - in a
simple interface so you don't have to write them from scratch. You can
use it off-the-shelf to implement consensus, group management, leader
election, and presence protocols. And you can build on it for your
own, specific needs.

For ZooKeeper release details and downloads, visit:
https://zookeeper.apache.org/releases.html

ZooKeeper 3.8.0 Release Notes are at:
https://zookeeper.apache.org/doc/r3.8.0/releasenotes.html

We would like to thank the contributors that made the release possible.

Regards,

The ZooKeeper Team

CVE-2021-41571: Apache Pulsar: Pulsar Admin API allows access to data from other tenants using getMessageById API

[Enrico Olivelli]

Severity: moderate

Description:

In Apache Pulsar it is possible to access data from BookKeeper that
does not belong to the topics accessible by the authenticated user.

The Admin API get-message-by-id requires the user to input a topic and
a ledger id. The ledger id is a pointer to the data, and it is
supposed to be a valid id for the topic.
Authorisation controls are performed against the topic name and there
is no proper validation that the ledger id is valid in the context of
such ledger.
So it may happen that the user is able to read from a ledger that
contains data owned by another tenant.

This issue affects Apache Pulsar Apache Pulsar version 2.8.0 and prior
versions; Apache Pulsar version 2.7.3 and prior versions; Apache
Pulsar version 2.6.4 and prior versions.

This issue is being tracked as https://github.com/apache/pulsar/issues/11814

Mitigation:

If you are running Pulsar behind a proxy you can disable access to the
REST API for the flawed API

/admin/v2/non-persistent/{tenant}/{namespace}/{topic}/ledger/{ledgerId}/entry/{entryId}

References:

https://pulsar.apache.org/admin-rest-api/#operation/getLastMessageId
https://github.com/apache/pulsar/issues/11814

[ANNOUNCE] Apache Pulsar 2.9.1 released

[Enrico Olivelli]

The Apache Pulsar team is proud to announce Apache Pulsar version 2.9.1.

Pulsar is a highly scalable, low latency messaging platform running on
commodity hardware. It provides simple pub-sub semantics over topics,
guaranteed at-least-once delivery of messages, automatic cursor management for
subscribers, and cross-datacenter replication.

For Pulsar release details and downloads, visit:

https://pulsar.apache.org/download

Release Notes are at:
http://pulsar.apache.org/release-notes

We would like to thank the contributors that made the release possible.

Regards,
The Pulsar Team

[ANNOUNCE] Apache Pulsar 2.7.2 released

[Enrico Olivelli]

The Apache Pulsar team is proud to announce Apache Pulsar version 2.7.2.

Pulsar is a highly scalable, low latency messaging platform running on
commodity hardware. It provides simple pub-sub semantics over topics,
guaranteed at-least-once delivery of messages, automatic cursor management for
subscribers, and cross-datacenter replication.

For Pulsar release details and downloads, visit:

https://pulsar.apache.org/download

Release Notes are at:
http://pulsar.apache.org/release-notes

We would like to thank the contributors that made the release possible.

Regards,

The Pulsar Team

[ANNOUNCE] Apache BookKeeper 4.11.1 released

[Enrico Olivelli]

The Apache BookKeeper team is proud to announce Apache BookKeeper version
4.11.1.

Apache BookKeeper is a scalable, fault-tolerant, and low-latency storage
service optimized for
real-time workloads. It has been used for a fundamental service to build
reliable services.
It is also the log segment store for Apache DistributedLog and the message
store for Apache Pulsar.

This is the 22h release of the Apache BookKeeper.

Release highlights
- Upgrade Netty,Vertx and RocksDB
- Better error reporting in case of ZooKeeper related errors
- Fix error that prevents Garbage Collections in case of corrupted
EntryLogger file
- Support for Apache ZooKeeper 3.6.x

For BookKeeper release details and downloads, visit:

https://bookkeeper.apache.org/releases/

BookKeeper 4.11.1 Release Notes are at:

https://bookkeeper.apache.org/docs/4.11.1/overview/releaseNotes/

We would like to thank the contributors that made the release possible.

Regards,

The BookKeeper Team

[ANNOUNCE] Apache ZooKeeper 3.6.2 released

[Enrico Olivelli]

The Apache ZooKeeper team is proud to announce Apache ZooKeeper version
3.6.2

ZooKeeper is a high-performance coordination service for distributed
applications. It exposes common services - such as naming,
configuration management, synchronization, and group services - in a
simple interface so you don't have to write them from scratch. You can
use it off-the-shelf to implement consensus, group management, leader
election, and presence protocols. And you can build on it for your
own, specific needs.

For ZooKeeper release details and downloads, visit:
https://zookeeper.apache.org/releases.html

ZooKeeper 3.6.2 Release Notes are at:
https://zookeeper.apache.org/doc/r3.6.2/releasenotes.html

We would like to thank the contributors that made the release possible.

Regards,

The ZooKeeper Team

[ANNOUNCE] Apache Curator 5.1.0

[Enrico Olivelli]

Hello,

The Apache Curator  team is pleased to announce the  release of version
5.1.0.
Apache  Curator is a Java/JVM client library for Apache ZooKeeper[1], a
distributed coordination service.
Apache Curator includes a  high-level API framework and utilities to  make
using Apache ZooKeeper much easier and more reliable.
It also includes recipes for common use cases and extensions such as
service discovery and a Java 8 asynchronous DSL.
For more details, please visit the project website:
https://curator.apache.org/


The download page for Apache Curator is here:
https://curator.apache.org/releases.html

The binary artifacts for Curator are available from Maven Central and its
mirrors.
For general information on Apache Curator, please visit the project website:
https://curator.apache.org


Release 5.1.0 is a bugfix release that follows up release 5.0.0, users of
5.0.0 are encouraged to upgrade.

Release Notes:

 [CURATOR-574] - DiscoveryService fatal error on deserializing an empty
byte[] as JSON
 [CURATOR-575] - TestingServer shut down can cause NullPointerException

Regards,
The Curator Team

[1] Apache ZooKeeper https://zookeeper.apache.org/

[ANNOUNCE] Apache ZooKeeper 3.6.1

[Enrico Olivelli]

The Apache ZooKeeper team is proud to announce Apache ZooKeeper version
3.6.1

ZooKeeper is a high-performance coordination service for distributed
applications. It exposes common services - such as naming,
configuration management, synchronization, and group services - in a
simple interface so you don't have to write them from scratch. You can
use it off-the-shelf to implement consensus, group management, leader
election, and presence protocols. And you can build on it for your
own, specific needs.

For ZooKeeper release details and downloads, visit:
https://zookeeper.apache.org/releases.html

ZooKeeper 3.6.1 Release Notes are at:
https://zookeeper.apache.org/doc/r3.6.1/releasenotes.html

We would like to thank the contributors that made the release possible.

Regards,

The ZooKeeper Team

[ANNOUNCE] Apache BookKeeper 4.10.0 released

[Enrico Olivelli]

The Apache BookKeeper team is proud to announce Apache BookKeeper version
4.10.0.

Apache BookKeeper is a scalable, fault-tolerant, and low-latency storage
service optimized for
real-time workloads. It has been used for a fundamental service to build
reliable services.
It is also the log segment store for Apache DistributedLog and the message
store for Apache Pulsar.

This is the 20th release of the Apache BookKeeper.

News and noteworthy:
- Add new bkctl shell tool
- Cluster Metadata Checker
- Journal should respect to flushWhenQueueEmpty setting
- Allow to override default SASL service name ‘bookkeeper’
- Make default Bookie scripts work on JDK11+

For BookKeeper release details and downloads, visit:

http://bookkeeper.apache.org/releases/

BookKeeper 4.10.0 Release Notes are at:

http://bookkeeper.apache.org/docs/4.10.0/overview/releaseNotes/

We would like to thank the contributors that made the release possible.

Regards,

The BookKeeper Team

[ANNOUNCE] Apache Maven 3.6.2 released

[Enrico Olivelli]

The Apache Maven team is proud to announce Apache Maven version
3.6.2.

Maven is a software project management and comprehension tool. Based on the
concept of a project object model (POM), Maven can manage a project’s
build, reporting, and documentation from a central place.

Highlights:

- This release focuses mostly performance improvements, better memory
footprint, and less CPU usage.

- We are continuing to convert Maven Core to use JSR 330 annotations
instead of Plexus (still not finished, see MNG-5577).

- New support for ‘release’ qualifier (see MNG-6655).

- The toolchain.xml file supports environment variables (see MNG-6665).


For Apache Maven release details and downloads, visit:

https://maven.apache.org/download.cgi


Maven 3.6.2 Release Notes are at:

https://maven.apache.org/docs/3.6.2/release-notes.html


We would like to thank the contributors that made the release possible.

Regards,

The Apache Maven Team

[ANNOUNCE] Apache BookKeeper 4.9.1 released

[Enrico Olivelli]

The Apache BookKeeper team is proud to announce Apache BookKeeper version
4.9.1.

Apache BookKeeper is a scalable, fault-tolerant, and low-latency
storage service optimized for
real-time workloads. It has been used for a fundamental service to
build reliable services.
It is also the log segment store for Apache DistributedLog and the
message store for Apache Pulsar.

This is the 18th release of the Apache BookKeeper.

The 4.9.1 release incorporates a few critical bug fixes, since
previous major release, 4.9.0.

For BookKeeper release details and downloads, visit:

https://bookkeeper.apache.org/releases/

BookKeeper 4.9.1 Release Notes are at:

https://bookkeeper.apache.org/docs/4.9.1/overview/releaseNotes/

We would like to thank the contributors that made the release possible.

Regards,

The BookKeeper Team

[ANNOUNCE] Apache BookKeeper 4.8.1 released

[Enrico Olivelli]

The Apache BookKeeper team is proud to announce Apache BookKeeper version
4.8.1.

Apache BookKeeper is a scalable, fault-tolerant, and low-latency
storage service optimized for
real-time workloads. It has been used for a fundamental service to
build reliable services.
It is also the log segment store for Apache DistributedLog and the
message store for Apache Pulsar.

This is the 14th release of the Apache BookKeeper.

Highlights

Use default metrics registry in Prometheus exporter

Don’t cache Bookie hostname DNS resolution forever

Reduce stack traces in logs for common cases

Ledger deletion racing with flush can cause a ledger index to be resurrected

EntryMemTable.newEntry retains reference to passed ByteBuffer
array, can cause corruption on journal replay


For BookKeeper release details and downloads, visit:

https://bookkeeper.apache.org/releases/

BookKeeper 4.8.1 Release Notes are at:

https://bookkeeper.apache.org/docs/4.8.1/overview/releaseNotes/

We would like to thank the contributors that made the release possible.

Regards,

The BookKeeper Team

[ANNOUNCE] Apache BookKeeper 4.8.0 released

[Enrico Olivelli]

The Apache BookKeeper team is proud to announce Apache BookKeeper version 4.8.0.

Apache BookKeeper is a scalable, fault-tolerant, and low-latency
storage service optimized for
real-time workloads. It has been used for a fundamental service to
build reliable services.
It is also the log segment store for Apache DistributedLog and the
message store for Apache Pulsar.

This is the 13th release of the Apache BookKeeper.

The main features in 4.8.0 are around following areas:

- Relaxed Durability: new DEFERRED_SYNC WriteFlag to defer waiting for
sync on Journals

- ExplicitLAC feature: Now ExplicitLAC is no more best-effort but is
can be persisted durably on Bookies

- New Table Storage Service: a new scalable distributed Key-Value
store embedded in Bookies

For BookKeeper release details and downloads, visit:

https://bookkeeper.apache.org/releases/

BookKeeper 4.8.0 Release Notes are at:

https://bookkeeper.apache.org/docs/4.8.0/overview/releaseNotes/

We would like to thank the contributors that made the release possible.

Regards,

The BookKeeper Team

[ANNOUNCE] Apache BookKeeper 4.6.2 released

[Enrico Olivelli]

The Apache BookKeeper team is proud to announce Apache BookKeeper version
4.6.2.

Apache BookKeeper is a scalable, fault-tolerant, and low-latency storage
service optimized for
real-time workloads. It has been used for a fundamental service to build
reliable services.
It is also the log segment store for Apache DistributedLog and the message
store for Apache Pulsar.

This is the 9-th release of Apache BookKeeper.

This is a bugfix release, it fixes bugs around Java 9/10 support and it
brings performance enhancements on Prometheus stats provider and on client
side memory usage.

For BookKeeper release details and downloads, visit:

https://bookkeeper.apache.org/releases/

BookKeeper 4.6.2 Release Notes are at:

https://bookkeeper.apache.org/docs/4.6.2/overview/releaseNotes/

We would like to thank the contributors that made the release possible.

Regards,

The BookKeeper Team

[ANNOUNCE] Apache BookKeeper 4.6.1 released

[Enrico Olivelli]

The Apache BookKeeper team is proud to announce Apache BookKeeper version
4.6.1.

Apache BookKeeper is a scalable, fault-tolerant, and low-latency storage
service optimized for
real-time workloads. It has been used for a fundamental service to build
reliable services.
It is also the log segment store for Apache DistributedLog and the message
store for Apache Pulsar.

This is the 8th release of the Apache BookKeeper.

This is a bugfix release, it fixes bugs around Index Persistence Manager
and provides enhancements about Java 9 support.

For BookKeeper release details and downloads, visit:

http://www.apache.org/dyn/closer.cgi/bookkeeper

BookKeeper 4.6.1 Release Notes are at:

https://bookkeeper.apache.org/docs/4.6.1/overview/releaseNotes/

We would like to thank the contributors that made the release possible.

Regards,

The BookKeeper Team

[ANNOUNCE] Apache BookKeeper 4.6.1 released

[Enrico Olivelli]

The Apache BookKeeper team is proud to announce Apache BookKeeper version4.6.1.

Apache BookKeeper is a scalable, fault-tolerant, and low-latency
storage service optimized for
real-time workloads. It has been used for a fundamental service to
build reliable services.
It is also the log segment store for Apache DistributedLog and the
message store for Apache Pulsar.

This is the 8th release of the Apache BookKeeper.

This is a bugfix release, it fixes bugs around Index Persistence
Manager and provides enhancements about Java 9 support

For BookKeeper release details and downloads, visit:
 http://www.apache.org/dyn/closer.cgi/bookkeeper

BookKeeper 4.6.1 Release Notes are at:
https://bookkeeper.apache.org/docs/4.6.1/overview/releaseNotes/


We would like to thank the contributors that made the release possible.

Regards,

The BookKeeper Team

[ANNOUNCE] Apache BookKeeper 4.5.1 released

[Enrico Olivelli]

The Apache BookKeeper team is proud to announce Apache BookKeeper version
4.5.1.

Apache BookKeeper is a scalable, fault-tolerant, and low-latency
storage service optimized for
real-time workloads. It has been used for a fundamental service to
build reliable services.
It is also the log segment store for Apache DistributedLog and the
message store for Apache Pulsar.

This is the 6th release of the Apache BookKeeper.

This is a bugfix release, it fixes bugs around parallel recovery,
Prometheus stats provider and placement policies.

For BookKeeper release details and downloads, visit:
 http://www.apache.org/dyn/closer.cgi/bookkeeper

BookKeeper 4.5.1 Release Notes are at:
https://bookkeeper.apache.org/docs/4.5.1/overview/releaseNotes/

We would like to thank the contributors that made the release possible.

Regards,

The BookKeeper Team