Kai Sun created ZOOKEEPER-4022:
--
Summary: ZooKeeper client session establishment deficiency
Key: ZOOKEEPER-4022
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4022
Project: ZooKeeper
Issue
More minor: I notice that
./zookeeper-server/src/main/resources/lib/jetty-client-9.4.34.v20201102.LICENSE.txt
is included in the release even though the jar is no longer used. It should
be removed.
Regards,
Patrick
On Fri, Dec 4, 2020 at 1:53 PM Patrick Hunt wrote:
> -1 - the dependency check
-1 - the dependency check is failing with a known CVE
$ mvn clean package -DskipTests dependency-check:check
...
[ERROR] One or more dependencies were identified with vulnerabilities that
have a CVSS score greater than or equal to '0.0':
[ERROR]
[ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-
Thank you all for the review.
Damien: I don't think jenkins jira's are even worth noting in release
notes, but the other 2 is of a bigger interest.
ZOOKEEPER-1634 - the jira is missing any 3.5 fix tag. I can fix it in the
jira, but I wouldn't do a new rc to have it in releasenotes.
Now the missin
+1 (non-binding)
- I built the source code (-Pfull-build) in docker on Ubuntu 16.04.6 using
OpenJDK 8u275 and maven 3.3.9.
- all the unit tests passed (Java and C-client).
- I also built zkpython
- checkstyle and spotbugs passed
- apache-rat passed
- owasp (CVE check) passed
The only issue I fou