Hi Sahil We have an opportunity for you to help the community with this release that you were interested in. The vote for the latest release candidate is available - https://lists.apache.org/thread/jp82w4rw8l24gm5wh0fgnp5370pyq6s8
Please test the release candidate and provide your vote. Your contribution here and in future release, would be greatly welcome. Let me know if you have any questions. -- Divij Vaidya On Wed, Jul 12, 2023 at 12:16 PM Divij Vaidya <divijvaidy...@gmail.com> wrote: > Hey Sahil > > https://cwiki.apache.org/confluence/display/KAFKA/Release+plan+3.5.1 is > the release plan. RC0 is currently available for voting. > > In future, I would encourage you to subscribe to devloper mailing list > where updates regarding release planning are posted. You can see how to > subscribe to it at https://kafka.apache.org/contact > > -- > Divij Vaidya > > > > On Wed, Jul 12, 2023 at 6:22 AM Sahil Sharma D > <sahil.d.sha...@ericsson.com.invalid> wrote: > >> Gentle reminder! >> >> -----Original Message----- >> From: Sahil Sharma D >> Sent: 03 July 2023 04:39 PM >> To: users@kafka.apache.org >> Subject: RE: Release plan required for version 3.5.1 >> >> Hi, >> >> That means below vulnerabilities are not appliable for kafka, right? >> CVE-2022-42003 >> CVE-2022-42004 >> CVE-2023-34454 >> CVE-2023-34453 >> CVE-2023-35116 >> >> Regards, >> Sahil >> >> -----Original Message----- >> From: Josep Prat <josep.p...@aiven.io.INVALID> >> Sent: 03 July 2023 02:02 PM >> To: users@kafka.apache.org >> Subject: Re: Release plan required for version 3.5.1 >> >> Hi Sahil, >> Thanks for caring about Apache Kafka's security. One can fix this >> situation by replacing the affected jar file with the one containing the >> fix for the vulnerabilities. We plan to add a write up under Apache Kafka's >> CVE page. >> Mind that Apache Kafka doesn't typically do emergency releases for CVEs >> discovered in their dependencies unless affectation in Kafka itself is >> major. >> >> That being said, if you take a look at the `dev` mailing list, you'll see >> that a maintainer already volunteered to be the release manager for 3.5.1: >> https://lists.apache.org/thread/q8rxv7wo8mwvzs3d25hzy987xph7f7nr >> If you want to be up-to-date with the release plan of 3.5.1 (contents, >> estimated timings and such) please check the `dev` mailing list as this >> information is usually shared there. The `user` mailing list usually gets >> notified when release candidates or new versions are created. >> >> Best, >> >> On Mon, Jul 3, 2023 at 9:46 AM Sahil Sharma D < >> sahil.d.sha...@ericsson.com.invalid> wrote: >> >> > Gentle reminder! >> > >> > From: Sahil Sharma D >> > Sent: 26 June 2023 08:18 PM >> > To: users@kafka.apache.org >> > Subject: Release plan required for version 3.5.1 >> > Importance: High >> > >> > Hi Team, >> > >> > There is an vulnerability on snappy-java-1.1.8.4.jar, are we impacted >> > due to this if we are using only client jar and kafka server. >> > >> > Below are the vulnerabilities that still open and we unable to find >> > any detail of these CVEs on jira. In which version these CVEs are >> > planned to be resolved? >> > CVE-2022-42003 >> > CVE-2022-42004 >> > CVE-2023-34454 >> > CVE-2023-34453 >> > CVE-2023-35116 >> > >> > Kindly share the release plan for version 3.5.1. >> > >> > Regards, >> > Sahil >> > >> >> >> -- >> [image: Aiven] < >> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-4fde1f84294d975c&q=1&e=2478bc68-679b-40d9-944b-4cde1de3c2b7&u=https%3A%2F%2Fwww.aiven.io%2F >> > >> >> *Josep Prat* >> Open Source Engineering Director, *Aiven* >> josep.p...@aiven.io | +491715557497 >> aiven.io < >> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-4fde1f84294d975c&q=1&e=2478bc68-679b-40d9-944b-4cde1de3c2b7&u=https%3A%2F%2Fwww.aiven.io%2F> >> | < >> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-83e1421cb9381159&q=1&e=2478bc68-679b-40d9-944b-4cde1de3c2b7&u=https%3A%2F%2Fwww.facebook.com%2Faivencloud >> > >> <https://www.linkedin.com/company/aiven/> < >> https://twitter.com/aiven_io> >> *Aiven Deutschland GmbH* >> Alexanderufer 3-7, 10117 Berlin >> Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen Amtsgericht >> Charlottenburg, HRB 209739 B >> >>
