Hi Divij, Thanks for running this release!
To verify, I: - Built from source using Java 11 with both: - - the 3.5.1-rc1 tag on GitHub - - the kafka-3.5.1-src.tgz artifact from https://home.apache.org/~divijv/kafka-3.5.1-rc1/ - Checked signatures and checksums - Ran the quickstart using the kafka_2.13-3.5.1.tgz artifact from https://home.apache.org/~divijv/kafka-3.5.1-rc1/ with Java 11 and Scala 13 in KRaft mode - Ran all unit tests - Ran all integration tests for Connect and MM2 - Verified that only version 1.1.10.1 of Snappy is present in the libs/ directory of the unpacked kafka_2.12-3.5.1.tgz and kafka_2.13-3.5.1.tgz artifacts - Verified that case-insensitive validation of the security.protocol property is restored for Kafka clients by setting it to "pLAiNTexT" with the bin/kafka-topics.sh command (using the --command-config option), and with a standalone Connect worker (by adjusting the security.protocol, consumer.security.protocol, producer.security.protocol, and admin.security.protocol properties in the worker config file) Everything looks good to me! +1 (binding) Cheers, Chris On Mon, Jul 17, 2023 at 12:29 PM Federico Valeri <fedeval...@gmail.com> wrote: > Hi Divij, I did the following checks: > > - Checked signature, checksum, licenses > - Spot checked documentation and javadoc > - Built from source with Java 17 and Scala 2.13 > - Ran full unit and integration test suites > - Ran test Java app using staging Maven artifacts > > +1 (non binding) > > Cheers > Fede > > On Mon, Jul 17, 2023 at 10:27 AM Divij Vaidya <divijvaidy...@gmail.com> > wrote: > > > > Hello Kafka users, developers and client-developers, > > > > This is the second candidate (RC1) for release of Apache Kafka 3.5.1. > First > > release candidate (RC0) was discarded due to incorrect license files. > They > > have been fixed since then. > > > > This release is a security patch release. It upgrades the dependency, > > snappy-java, to a version which is not vulnerable to CVE-2023-34455. You > > can find more information about the CVE at Kafka CVE list > > <https://kafka.apache.org/cve-list#CVE-2023-3445>. > > > > Additionally, this releases fixes a regression introduced in 3.3.0, which > > caused security.protocol configuration values to be restricted to upper > > case only. With this release, security.protocol values are > > case insensitive. See KAFKA-15053 > > <https://issues.apache.org/jira/browse/KAFKA-15053> for details. > > > > Release notes for the 3.5.1 release: > > https://home.apache.org/~divijv/kafka-3.5.1-rc1/RELEASE_NOTES.html > > > > *** Please download, test and vote by Thursday, July 20, 9am PT > > > > Kafka's KEYS file containing PGP keys we use to sign the release: > > https://kafka.apache.org/KEYS > > > > Release artifacts to be voted upon (source and binary): > > https://home.apache.org/~divijv/kafka-3.5.1-rc1/ > > > > Maven artifacts to be voted upon: > > https://repository.apache.org/content/groups/staging/org/apache/kafka/ > > > > Javadoc: > > https://home.apache.org/~divijv/kafka-3.5.1-rc1/javadoc/ > > > > Tag to be voted upon (off 3.5 branch) is the 3.5.1 tag: > > https://github.com/apache/kafka/releases/tag/3.5.1-rc1 > > > > Documentation: > > https://kafka.apache.org/35/documentation.html > > Please note that documentation will be updated with upgrade notes ( > > > https://github.com/apache/kafka/commit/4c78fd64454e25e3536e8c7ed5725d3fbe944a49 > ) > > after the release is complete. > > > > Protocol: > > https://kafka.apache.org/35/protocol.html > > > > Unit/integration tests: > > https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/43/ (2 > failures) > > https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/42/ (6 > failures) > > https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/39/ (9 > failures) > > > > In all 3 runs above, there are no common tests which are failing, which > > leads me to believe that they are flaky. I have also verified that > > unit/integration tests on my local machine successfully pass (JDK 17 + > > Scala 2.13) > > > > System tests: > > Not planning to run system tests since this is a patch release. > > > > Thank you. > > > > -- > > Divij Vaidya > > Release Manager for Apache Kafka 3.5.1 >
