Thank you for testing folks. Although, we already have 3 binding votes, as per Apache's release approval process [1], I am going to keep the vote open for 72 hours, i.e. until July 20th 10:30 AM (CEST)
[1] https://www.apache.org/legal/release-policy.html#release-approval -- Divij Vaidya On Tue, Jul 18, 2023 at 4:21 PM Mickael Maison <mimai...@apache.org> wrote: > Hi Divij, > > I verified the checksums and signatures, ran the ZooKeeper quickstart > with the 2.13 binaries, ran the tests on Java 11 and checked the > javadoc and licenses. > > +1 (binding) > > Thanks, > Mickael > > On Tue, Jul 18, 2023 at 8:32 AM Luke Chen <show...@gmail.com> wrote: > > > > Hi Divij, > > > > I've run: > > 1. Download kafka_2.12-3.5.1.tgz > > 2. Run quick start using KRaft mode > > 3. Verified the checksum > > 4. Sanity check the javadoc > > > > All looks good. > > +1 (binding) > > > > Thanks. > > Luke > > > > On Tue, Jul 18, 2023 at 5:15 AM Chris Egerton <chr...@aiven.io.invalid> > > wrote: > > > > > Hi Divij, > > > > > > Thanks for running this release! > > > > > > To verify, I: > > > - Built from source using Java 11 with both: > > > - - the 3.5.1-rc1 tag on GitHub > > > - - the kafka-3.5.1-src.tgz artifact from > > > https://home.apache.org/~divijv/kafka-3.5.1-rc1/ > > > - Checked signatures and checksums > > > - Ran the quickstart using the kafka_2.13-3.5.1.tgz artifact from > > > https://home.apache.org/~divijv/kafka-3.5.1-rc1/ with Java 11 and > Scala 13 > > > in KRaft mode > > > - Ran all unit tests > > > - Ran all integration tests for Connect and MM2 > > > - Verified that only version 1.1.10.1 of Snappy is present in the libs/ > > > directory of the unpacked kafka_2.12-3.5.1.tgz and kafka_2.13-3.5.1.tgz > > > artifacts > > > - Verified that case-insensitive validation of the security.protocol > > > property is restored for Kafka clients by setting it to "pLAiNTexT" > with > > > the bin/kafka-topics.sh command (using the --command-config option), > and > > > with a standalone Connect worker (by adjusting the security.protocol, > > > consumer.security.protocol, producer.security.protocol, and > > > admin.security.protocol properties in the worker config file) > > > > > > Everything looks good to me! > > > > > > +1 (binding) > > > > > > Cheers, > > > > > > Chris > > > > > > On Mon, Jul 17, 2023 at 12:29 PM Federico Valeri <fedeval...@gmail.com > > > > > wrote: > > > > > > > Hi Divij, I did the following checks: > > > > > > > > - Checked signature, checksum, licenses > > > > - Spot checked documentation and javadoc > > > > - Built from source with Java 17 and Scala 2.13 > > > > - Ran full unit and integration test suites > > > > - Ran test Java app using staging Maven artifacts > > > > > > > > +1 (non binding) > > > > > > > > Cheers > > > > Fede > > > > > > > > On Mon, Jul 17, 2023 at 10:27 AM Divij Vaidya < > divijvaidy...@gmail.com> > > > > wrote: > > > > > > > > > > Hello Kafka users, developers and client-developers, > > > > > > > > > > This is the second candidate (RC1) for release of Apache Kafka > 3.5.1. > > > > First > > > > > release candidate (RC0) was discarded due to incorrect license > files. > > > > They > > > > > have been fixed since then. > > > > > > > > > > This release is a security patch release. It upgrades the > dependency, > > > > > snappy-java, to a version which is not vulnerable to > CVE-2023-34455. > > > You > > > > > can find more information about the CVE at Kafka CVE list > > > > > <https://kafka.apache.org/cve-list#CVE-2023-3445>. > > > > > > > > > > Additionally, this releases fixes a regression introduced in 3.3.0, > > > which > > > > > caused security.protocol configuration values to be restricted to > upper > > > > > case only. With this release, security.protocol values are > > > > > case insensitive. See KAFKA-15053 > > > > > <https://issues.apache.org/jira/browse/KAFKA-15053> for details. > > > > > > > > > > Release notes for the 3.5.1 release: > > > > > https://home.apache.org/~divijv/kafka-3.5.1-rc1/RELEASE_NOTES.html > > > > > > > > > > *** Please download, test and vote by Thursday, July 20, 9am PT > > > > > > > > > > Kafka's KEYS file containing PGP keys we use to sign the release: > > > > > https://kafka.apache.org/KEYS > > > > > > > > > > Release artifacts to be voted upon (source and binary): > > > > > https://home.apache.org/~divijv/kafka-3.5.1-rc1/ > > > > > > > > > > Maven artifacts to be voted upon: > > > > > > https://repository.apache.org/content/groups/staging/org/apache/kafka/ > > > > > > > > > > Javadoc: > > > > > https://home.apache.org/~divijv/kafka-3.5.1-rc1/javadoc/ > > > > > > > > > > Tag to be voted upon (off 3.5 branch) is the 3.5.1 tag: > > > > > https://github.com/apache/kafka/releases/tag/3.5.1-rc1 > > > > > > > > > > Documentation: > > > > > https://kafka.apache.org/35/documentation.html > > > > > Please note that documentation will be updated with upgrade notes ( > > > > > > > > > > > > > https://github.com/apache/kafka/commit/4c78fd64454e25e3536e8c7ed5725d3fbe944a49 > > > > ) > > > > > after the release is complete. > > > > > > > > > > Protocol: > > > > > https://kafka.apache.org/35/protocol.html > > > > > > > > > > Unit/integration tests: > > > > > https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/43/ (2 > > > > failures) > > > > > https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/42/ (6 > > > > failures) > > > > > https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/39/ (9 > > > > failures) > > > > > > > > > > In all 3 runs above, there are no common tests which are failing, > which > > > > > leads me to believe that they are flaky. I have also verified that > > > > > unit/integration tests on my local machine successfully pass (JDK > 17 + > > > > > Scala 2.13) > > > > > > > > > > System tests: > > > > > Not planning to run system tests since this is a patch release. > > > > > > > > > > Thank you. > > > > > > > > > > -- > > > > > Divij Vaidya > > > > > Release Manager for Apache Kafka 3.5.1 > > > > > > > >