[jira] [Created] (ZOOKEEPER-4468) Backport BCFKS key/trust store format support to branch 3.5

2022-02-10 Thread Mate Szalay-Beko (Jira)
Mate Szalay-Beko created ZOOKEEPER-4468: --- Summary: Backport BCFKS key/trust store format support to branch 3.5 Key: ZOOKEEPER-4468 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4468 Proje

[jira] [Created] (ZOOKEEPER-4467) Missing op code (addWatch) in Request.op2String

2022-02-10 Thread Kezhu Wang (Jira)
Kezhu Wang created ZOOKEEPER-4467: - Summary: Missing op code (addWatch) in Request.op2String Key: ZOOKEEPER-4467 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4467 Project: ZooKeeper I

[jira] [Created] (ZOOKEEPER-4466) Watchers of different modes interfere on overlapping pathes

2022-02-10 Thread Kezhu Wang (Jira)
Kezhu Wang created ZOOKEEPER-4466: - Summary: Watchers of different modes interfere on overlapping pathes Key: ZOOKEEPER-4466 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4466 Project: ZooKeepe

Re: [VOTE] Apache ZooKeeper release 3.8.0 candidate 0

2022-02-10 Thread Mike Drob
On 2022/02/04 11:07:34 Enrico Olivelli wrote: > > Source files: > https://people.apache.org/~eolivelli/zookeeper-3.8.0-candidate-0/ > > > The staging version of the website is: > https://people.apache.org/~eolivelli/zookeeper-3.8.0-candidate-0/website/ > Is there a reason that these are st

Re: [VOTE] Apache ZooKeeper release 3.8.0 candidate 0

2022-02-10 Thread Enrico Olivelli
-1 (binding) Let me add the exclusion and prepare a new RC. I am cancelling this VOTE Thanks to everyone Enrico Il Gio 10 Feb 2022, 17:47 Andor Molnar ha scritto: > I agree with Pat. Though adding exclusions doesn’t make any difference in > the quality of our code, but a build is a build. It’

Re: [VOTE] Apache ZooKeeper release 3.8.0 candidate 0

2022-02-10 Thread Andor Molnar
I agree with Pat. Though adding exclusions doesn’t make any difference in the quality of our code, but a build is a build. It’s either green or red (not green). No excuse. Andor > On 2022. Feb 10., at 16:51, Patrick Hunt wrote: > > On Thu, Feb 10, 2022 at 12:22 AM Enrico Olivelli > wrote:

Re: [VOTE] Apache ZooKeeper release 3.8.0 candidate 0

2022-02-10 Thread Patrick Hunt
On Thu, Feb 10, 2022 at 12:22 AM Enrico Olivelli wrote: > Patrick, > If you prefer I can send a patch for. the exclusion of > [ERROR] netty-tcnative-2.0.48.Final.jar: CVE-2021-43797, CVE-2019-16869, > CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137, > CVE-2019-20445, CVE-2019-20444,

Re: [VOTE] Apache ZooKeeper release 3.8.0 candidate 0

2022-02-10 Thread Enrico Olivelli
Patrick, If you prefer I can send a patch for. the exclusion of [ERROR] netty-tcnative-2.0.48.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2021-21409, CVE-2021-21290 That said, this won'

Re: [VOTE] Apache ZooKeeper release 3.8.0 candidate 0

2022-02-10 Thread Szalay-Bekő Máté
Thanks Enrico for working on the release candidate! The RC looks good to me if we are sure that the OWASP problem is a false positive and we can skip this netty-tcnative jar check. However, these CVEs are old... Is it possible that we just added this jar by accident with the recent netty upgrade?