Hi,
I would like to propose the following release candidate
(RC0) of Apache Arrow version 6.0.2. This is a release
consisting of 1 resolved JIRA issues[1].
This is one of releases[2] that focus on a Go related
security vulnerability[3]. We don't publish binary artifacts
of this release because we don't have Go related binaries.
This release candidate is based on commit:
3ea5af64865f9910d3c98162c7949af8d63ec68e [4]
The source release rc0 is hosted at [5].
The changelog is located at [6].
Please download, verify checksums and signatures, run the
unit tests, and vote on the release. See [7] for how to
validate a release candidate. But you need to verify only Go
related tests because this release candidate only includes a
change for Go. So we can use the following command line:
TEST_DEFAULT=0 TEST_GO=1 dev/release/verify-release-candidate.sh 6.0.2 0
The vote will be open for at least 72 hours.
[ ] +1 Release this as Apache Arrow 6.0.2
[ ] +0
[ ] -1 Do not release this as Apache Arrow 6.0.2 because...
[1]:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20ARROW%20AND%20status%20in%20%28Resolved%2C%20Closed%29%20AND%20fixVersion%20%3D%206.0.2
[2] https://lists.apache.org/thread/qkkzpvmxc0coqhdkc1qoygwy6h4v5sgn
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28948
[4]:
https://github.com/apache/arrow/tree/3ea5af64865f9910d3c98162c7949af8d63ec68e
[5]: https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-6.0.2-rc0
[6]:
https://github.com/apache/arrow/blob/3ea5af64865f9910d3c98162c7949af8d63ec68e/CHANGELOG.md
[7]:
https://cwiki.apache.org/confluence/display/ARROW/How+to+Verify+Release+Candidates
