Hi,
I would like to propose the following release candidate
(RC0) of Apache Arrow version 7.0.1. This is a release
consisting of 1 resolved JIRA issues[1].
This is one of releases[2] that focus on a Go related
security vulnerability[3]. We don't publish binary artifacts
of this release because we don't have Go related binaries.
This release candidate is based on commit:
072ae55dc8172bb1a898fda5d5a83ec063b05a6d [4]
The source release rc0 is hosted at [5].
The changelog is located at [6].
Please download, verify checksums and signatures, run the
unit tests, and vote on the release. See [7] for how to
validate a release candidate. But you need to verify only Go
related tests because this release candidate only includes a
change for Go. So we can use the following command line:
TEST_DEFAULT=0 TEST_GO=1 dev/release/verify-release-candidate.sh 7.0.1 0
The vote will be open for at least 72 hours.
[ ] +1 Release this as Apache Arrow 7.0.1
[ ] +0
[ ] -1 Do not release this as Apache Arrow 7.0.1 because...
[1]:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20ARROW%20AND%20status%20in%20%28Resolved%2C%20Closed%29%20AND%20fixVersion%20%3D%207.0.1
[2] https://lists.apache.org/thread/qkkzpvmxc0coqhdkc1qoygwy6h4v5sgn
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28948
[4]:
https://github.com/apache/arrow/tree/072ae55dc8172bb1a898fda5d5a83ec063b05a6d
[5]: https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-7.0.1-rc0
[6]:
https://github.com/apache/arrow/blob/072ae55dc8172bb1a898fda5d5a83ec063b05a6d/CHANGELOG.md
[7]:
https://cwiki.apache.org/confluence/display/ARROW/How+to+Verify+Release+Candidates
