I ran tests with latest 4.14.2 sources and I didn't find any problems regarding bouncycastle. Prior with 4.14.1 I failed to upgrade BK artifacts due to bc fips introduced in 4.14.0. :)
Thank you Diego Il giorno ven 13 ago 2021 alle ore 10:42 Enrico Olivelli < eolive...@gmail.com> ha scritto: > Yong, > I was going to send this email. Perfect timing! > > +1 to cutting the release asap > > Please note that there are a few dependency upgrades prs related to > security issues, explicitly the upgrade of libthrift. > > Please verify that all security patches are in and that they have been > cherry picked to branch 4.14 > > We aren't cutting releases often and when it happens it is better to > resolve every know security report > > Thank you! > Enrico > > Il Ven 13 Ago 2021, 08:59 Yong Zhang <y...@apache.org> ha scritto: > > > Hi, > > > > We have changed the BouncyCastle at this PR > > https://github.com/apache/bookkeeper/pull/2631, > > which introduces an Incompatible issue. Detail: > > https://github.com/apache/pulsar/issues/10937. > > > > This also blocks the user upgrade their charts to pulsar 2.8.0 > > https://github.com/apache/pulsar-helm-chart/pull/130 > > > > We have fixed it by https://github.com/apache/bookkeeper/pull/2740, > > so I want to start a new release of bookkeeper for unblocking the users. > > > > If there are no objections, I'll move forward with the patch release. > > > > Thanks, > > Yong > > >
